status-from-accent
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION)
Full Analysis
- [Unverifiable Dependencies] (MEDIUM): The skill uses `npx @basiclines/rampa`, which downloads and executes code from the npm registry at runtime. The organization '@basiclines' is not a trusted source, and there is no version pinning or integrity checking for this external dependency.
- [Indirect Prompt Injection] (HIGH):
  - Ingestion points: The skill ingests untrusted user input via the `<brand-color>` parameter in `SKILL.md`.
  - Boundary markers: Absent. There are no instructions to the agent to validate or sanitize the input string.
  - Capability inventory: The skill uses shell execution (`rampa -C "<brand-color>" ...`).
  - Sanitization: Absent. The lack of sanitization allows an attacker to provide a malicious string (e.g., `#000"; command_injection #`) to escape the color flag and execute arbitrary shell commands.
- [Command Execution] (HIGH): The core functionality of the skill depends on spawning subprocesses to run the `rampa` CLI. This provides a direct path for privilege escalation or data exfiltration if the input interpolation is exploited.
Recommendations
- AI detected serious security threats