skill-developer
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The architecture described in 'HOOK_MECHANISMS.md' relies on executing local shell scripts (.sh) and TypeScript files (.ts) via 'npx tsx' whenever a user submits a prompt or a tool is used. This establishes a persistent command execution surface on the host system linked to agent activity.
- [PROMPT_INJECTION] (HIGH): The system exposes a high-risk Indirect Prompt Injection surface (Category 8). As documented in 'HOOK_MECHANISMS.md', the hooks process untrusted external data—including user prompts and the content of any file being edited—and inject the results into the AI's context via stdout and stderr. Because these injections are designed to influence agent reasoning and gate tool execution (e.g., blocking 'Edit' or 'Write' operations), a malicious file could include content patterns that trigger instructions to override the agent's safety protocols. The capability tier is HIGH because the system facilitates external data influence over high-privilege tool actions without defined sanitization or boundary markers.
Recommendations
- AI detected serious security threats
Audit Metadata