material-component-doc
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Categories: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill is designed to ingest untrusted data from the local filesystem and user prompts to generate executable code.
  - Ingestion points: Reads material source code from packages/materials/form-materials/src/components and collects usage examples/requirements from users.
  - Boundary markers: The skill lacks instructions for the agent to use delimiters or ignore embedded instructions within the source code or user-provided examples.
  - Capability inventory: The agent is authorized to write .tsx and .mdx files to apps/docs/ and is encouraged to execute local commands like rush dev:docs.
  - Sanitization: There are no sanitization steps to ensure that malicious instructions hidden in the source code comments or user examples do not influence the agent's output or command execution.
- Command Execution (MEDIUM): The skill instructs the agent to use CLI tools (rush, git) and execute development commands. While standard for this workflow, the lack of isolation when processing untrusted code makes this a secondary risk vector for local environment manipulation.
Recommendations
- AI detected serious security threats
Audit Metadata