api-boilerplate
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill ingests untrusted data (project names, middleware choices, etc.) and interpolates it directly into file paths and source code content. Ingestion points: File SKILL.md, workflow steps 2-4. Boundary markers: None. Capability inventory: Write and Read tools (file system access). Sanitization: None. This allows an attacker to perform path traversal or inject malicious logic into the generated code.
- Dynamic Execution (HIGH): The skill creates executable script files (.js, .py) from templates populated with user input. Evidence: Step 4 ('Create file') and the Example Output showing 'npm start' instructions. Risk: Malicious instructions in user input could lead to the generation of a backdoor or malware within the 'boilerplate', which the developer then executes.
- Command Execution (HIGH): While the skill does not call shell commands itself, its primary purpose is to write executable files to the host environment. The 'Write' tool combined with unsanitized user-controlled variables represents a significant risk for unauthorized file creation and system manipulation.
Recommendations
- AI detected serious security threats