favicon
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill exhibits a high-risk vulnerability surface by reading untrusted external project files and using that data to modify application source code.
- Ingestion points: Processes
package.json,site.webmanifest,application.rb, and various HTML/TSX layout files from the user's project directory. - Boundary markers: No delimiters or 'ignore' instructions are used when interpolating external content.
- Capability inventory: Executes shell commands (
magick) and performs file-write operations on multiple layout files. - Sanitization: No validation or escaping is performed on data extracted from project files before it is used in shell commands or HTML templates.
- Command Execution (MEDIUM): The skill invokes system commands (
magick,cp) using the user-provided input$1. This pattern creates a risk of command injection if the input is not strictly validated. - File Modification (MEDIUM): The skill automatically modifies critical project layout files. Automated code editing is inherently risky and can lead to application failure or the introduction of security vulnerabilities if the injected content is malicious.
Recommendations
- AI detected serious security threats
Audit Metadata