permission-manager
Fail
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [PROMPT_INJECTION]: The skill instructions are specifically designed to bypass the agent's human-in-the-loop (HITL) safety mechanism by programmatically adding tools to the auto-approve list (allowedTools) in the global configuration file.
- [COMMAND_EXECUTION]: The skill implements dynamic code execution by generating a temporary Node.js script ('update_permissions.js') and executing it via the shell to modify local system configuration files.
Recommendations
- AI detected serious security threats
Audit Metadata