building-blocks
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTIONREMOTE_CODE_EXECUTION
Full Analysis
- PROMPT_INJECTION (HIGH): The skill is vulnerable to Indirect Prompt Injection because it directs the agent to ingest external content (via curl) and use it to inform implementation steps. Without boundary markers or sanitization, malicious instructions in the content could lead the agent to write backdoored code into core files like scripts.js.
- COMMAND_EXECUTION (MEDIUM): The skill uses bash commands (mkdir, touch, curl) for project setup. If the parameters for these commands are influenced by untrusted external data, it could lead to arbitrary file manipulation.
- REMOTE_CODE_EXECUTION (MEDIUM): Guidelines in resources/js-guidelines.md promote dynamic script loading (loadScript) and module imports, which are potential vectors for executing external malicious code if URLs are not strictly validated.
Recommendations
- AI detected serious security threats
Audit Metadata