dev
Warn
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill provides direct access to the Bash tool, allowing the execution of any system command, which grants the agent broad control over the environment and file system.
- [COMMAND_EXECUTION]: Demonstrates the use of language interpreters (bun, node, python) to execute code passed as command-line arguments, facilitating the execution of unverified and dynamically generated logic.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it reads data from local files (e.g., package.json) that could contain malicious instructions intended to influence the agent's behavior.
  - Ingestion points: File reading via 'cat' and 'readFileSync' examples.
  - Boundary markers: None present in the provided templates.
  - Capability inventory: Full bash execution, file system write access, and runtime code execution.
  - Sanitization: No sanitization or validation of the content read from files is performed.
Audit Metadata