lovable
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The 'Yolo Mode' feature implements automated browser interaction with Lovable.dev. This capability allows the agent to navigate the web UI and submit prompts ('Deploy edge functions', 'Apply migrations') within the user's authenticated session. This poses a high risk as it can be exploited to perform unauthorized cloud infrastructure changes or data modifications if the agent is misled by malicious project content.
- [DATA_EXFILTRATION] (LOW): The skill identifies and tracks sensitive secrets (API keys for OpenAI, Stripe, Resend) and configuration files (Supabase client credentials). While the documentation recommends manual entry, the integration workflow and automated 'sync' processes increase the surface area for accidental exposure or logging of these credentials.
- [PROMPT_INJECTION] (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8).
  - Ingestion points: The agent scans the project directory structure (e.g., `supabase/functions/`, `supabase/migrations/`), file names, and the `CLAUDE.md` configuration file to generate instructions.
  - Boundary markers: Absent. The skill provides no instructions to the agent to delimit or sanitize data extracted from the project files before using it in deployment prompts.
  - Capability inventory: The skill executes `git push` commands and performs browser automation (navigating and submitting forms) on the `Lovable.dev` domain.
  - Sanitization: None. The logic directs the agent to use 'exact prompts' derived from file metadata and directory names, allowing an attacker to influence the resulting deployment commands by naming files maliciously.
Recommendations
- AI detected serious security threats