error-tracking
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH (COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The CI/CD release script in Step 6 is vulnerable to shell command injection. It parses the version from package.json and injects it unquoted into shell commands. This allows an attacker with control over the repository's package.json to execute arbitrary code.
- [DATA_EXFILTRATION] (MEDIUM): Example code in Steps 3 and 4 contains SQL injection vulnerabilities where URL parameters are directly concatenated into database queries. This creates a risk of sensitive data being queried and subsequently exfiltrated to the Sentry service through the skill's error reporting functions.
- [PROMPT_INJECTION] (LOW): The skill identifies a significant attack surface for indirect prompt injection.
  1. Ingestion points: URL parameters (req.params.id, order_id) and package.json version field.
  2. Boundary markers: None present.
  3. Capability inventory: Database access (db.query) and shell execution (sentry-cli).
  4. Sanitization: Absent for query construction and shell commands, although PII filtering is present for Sentry reporting.
Recommendations
- AI detected serious security threats