Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- PROMPT_INJECTION (HIGH): The skill creates a significant surface for indirect prompt injection. It instructs the agent to read untrusted content from the web (search_web, read_url_content) and from files (view_file) without providing boundary markers or sanitization guidelines. Combined with the recommended write and execute capabilities (run_command, replace_file_content), this allows external data to potentially hijack the agent's execution flow.
  * Ingestion points: search_web, read_url_content, view_file, grep_search.
  * Boundary markers: Absent.
  * Capability inventory: run_command, replace_file_content, write_to_file.
  * Sanitization: Absent.
- COMMAND_EXECUTION (MEDIUM): The skill incorrectly lists commands like 'npm run build' and 'npm run lint' as 'Always Safe' (SafeToAutoRun: true). Build scripts and linting configurations in untrusted repositories are known vectors for executing arbitrary malicious code.
Recommendations
- AI detected serious security threats
Audit Metadata