archive
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
- COMMAND_EXECUTION (MEDIUM): The skill constructs shell commands such as 'npx wrangler delete --name ' and 'npx wrangler kv namespace delete --namespace-id ' using data parsed from 'wrangler.jsonc'. Because these values are not sanitized, a maliciously crafted project file could achieve arbitrary command execution via shell metacharacters.
- EXTERNAL_DOWNLOADS (MEDIUM): The skill uses 'npx wrangler', which may download the latest version of the wrangler package from the npm registry at runtime if not already cached. This introduces an unpinned external dependency.
- COMMAND_EXECUTION (LOW): The skill performs high-impact operations including 'git clone', 'git push', and 'gh repo archive' to modify remote project states.
- PROMPT_INJECTION (LOW): The skill is vulnerable to indirect prompt injection (Category 8) through attacker-controlled project files.
  1. Ingestion points: 'wrangler.jsonc' and 'package.json'.
  2. Boundary markers: None.
  3. Capability inventory: Subprocess execution of 'npx', 'gh', and 'git'.
  4. Sanitization: None detected.
Audit Metadata