frontend-backend-integration
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill's core function involves reading and analyzing project source code, which serves as an untrusted data source. This creates a high-risk attack surface for indirect prompt injection.
- Ingestion points: The skill uses Read, Grep, and find to ingest content from files within the frontend/, backend/, and docs/ directories.
- Boundary markers: Absent. The instructions do not provide delimiters or specific guidelines for the agent to distinguish between the code it should analyze and potential instructions embedded within that code (e.g., in comments or strings).
- Capability inventory: The skill is granted the Bash, Write, and Edit tools. A successful injection could lead to arbitrary command execution or malicious file modification.
- Sanitization: Absent. There is no logic to filter or sanitize the content read from the filesystem before the agent processes it.
- Data Exposure (LOW): The workflow explicitly directs the agent to read backend configuration files (e.g., backend/app/config.py). While necessary for verifying port settings, this practice could inadvertently expose hardcoded API keys or database credentials if they are not managed through environment variables.
Recommendations
- AI detected serious security threats
Audit Metadata