angular-developer

Fail

Audited by Gen Agent Trust Hub on Mar 24, 2026

Risk Level: HIGH
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill contains a direct command injection vulnerability in SKILL.md. It instructs the agent to execute 'npx @angular/cli@<requested_version> ng new ', where the version is taken directly from user input without validation or escaping.
  • [COMMAND_EXECUTION]: The instruction in SKILL.md to 'Always run ng build' after code generation creates a significant risk. In an agentic workflow, this bypasses user review of the generated code. If the agent is tricked into generating a malicious package.json or angular.json (via indirect prompt injection), the build process will execute attacker-controlled code.
  • [PROMPT_INJECTION]: The skill exhibits a Category 8 (Indirect Prompt Injection) surface.
    1. Ingestion points: Project files, package.json, and user-supplied version strings in SKILL.md.
    2. Boundary markers: Absent; there are no instructions to ignore embedded commands in analyzed data.
    3. Capability inventory: Execution of ng build, ng new, and npx commands across SKILL.md and cli.md.
    4. Sanitization: Absent; the skill lacks any validation or sanitization of the data it processes before passing it to shell commands.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 24, 2026, 05:27 PM