Warn
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill interpolates the user-provided argument $1 directly into shell commands (e.g., 'magick "$1"' and 'cp "$1"'). If the path provided by a user or an attacker contains shell metacharacters, it could lead to arbitrary command execution depending on the agent's execution environment.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface.
  - Ingestion points: The skill reads application names and configuration data from package.json, site.webmanifest, and Rails configuration files.
  - Boundary markers: No delimiters or protective instructions are used to prevent the agent from interpreting content within these files as instructions.
  - Capability inventory: The skill can execute shell commands via ImageMagick, create new files, and modify existing project source code (HTML, TypeScript, and Ruby files).
  - Sanitization: No sanitization or validation is applied to the data extracted from project files before it is interpolated into manifest files and HTML layouts.
Audit Metadata