Skills
skills/bratsos/zodipus/zodipus-troubleshooting/Gen Agent Trust Hub

zodipus-troubleshooting

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGHCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTIONREMOTE_CODE_EXECUTION
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The skill reads user-supplied error logs and descriptions which can be manipulated to trigger malicious actions in an agent equipped with shell execution capabilities.
  • Ingestion points: User input regarding failures and log snippets (SKILL.md).
  • Boundary markers: Absent. No markers or safety instructions are provided to isolate untrusted user data.
  • Capability inventory: Subprocess calls for npm, npx, mkdir, and chmod (SKILL.md, ERROR-REFERENCE.md).
  • Sanitization: Absent.
  • [Remote Code Execution] (HIGH): The skill uses npx to download and execute code from unverified packages. Evidence: npx zodipus inspect and npx zodipus generate (SKILL.md).
  • [External Downloads] (MEDIUM): The skill installs zodipus and prisma packages from non-whitelisted sources. Evidence: npm install zodipus and npm update prisma (SKILL.md, ERROR-REFERENCE.md).
  • [Command Execution] (MEDIUM): The skill performs file system modifications and permission updates on local directories. Evidence: mkdir -p ./generated and chmod 755 ./generated (ERROR-REFERENCE.md).
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 08:35 AM