prod-ready
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS)
Full Analysis
- COMMAND_EXECUTION (HIGH): The skill identifies project types and executes lifecycle scripts such as `pnpm build`, `pnpm test`, `pytest`, and `cargo test`. These commands execute arbitrary code defined in the audited project's configuration (e.g., `package.json`). If the repository is malicious, this leads to immediate code execution in the agent's environment.
- PROMPT_INJECTION (HIGH): The skill is vulnerable to Indirect Prompt Injection (Category 8). Ingestion points: repository files read via `rg` and `cat`. Boundary markers: none; file contents are read directly into the context. Capability inventory: significant command execution and file system access. Sanitization: no filtering or sanitization of external content.
- EXTERNAL_DOWNLOADS (LOW): Auditing tools like `pnpm audit` or `cargo audit` connect to external package registries to check for vulnerabilities. While these are trusted sources, they involve network operations.
- CREDENTIALS_UNSAFE (INFO): The skill searches for secrets like API keys. While this is its intended purpose, it results in the exposure of sensitive credentials to the agent's context.
Recommendations
- AI detected serious security threats
Audit Metadata