frontend-test
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill processes untrusted external data (component source code) and possesses high-privilege capabilities including
Bashexecution and fileWriteaccess. - Ingestion points: Source code of components being tested (SKILL.md).
- Capability inventory:
Bash,Write,Edit,Read,Grep,Glob(SKILL.md). - Boundary markers: Absent. There are no instructions for the agent to ignore instructions embedded within the component code.
- Sanitization: Absent. No validation or filtering of input code before processing.
- Risk: A malicious component file could contain instructions designed to hijack the agent's logic to execute arbitrary shell commands or write malicious scripts to the filesystem.
- [Command Execution] (MEDIUM): The skill explicitly allows the
Bashtool. While necessary for some development tasks, its inclusion in a skill that processes user-provided code increases the risk of command injection if the agent is not strictly constrained.
Recommendations
- AI detected serious security threats
Audit Metadata