new-user
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (MEDIUM): The skill constructs a shell command
npx medusa user -e <email> -p <password>using direct interpolation of user-provided arguments. This is vulnerable to command injection if the input is not strictly sanitized by the agent, allowing an attacker to execute arbitrary commands by including shell metacharacters in the email or password fields. - EXTERNAL_DOWNLOADS (MEDIUM): The skill relies on
npxto execute themedusapackage. By default,npxfetches packages from the public npm registry, which involves the download and execution of unverifiable remote code at runtime. - PROMPT_INJECTION (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8) because it processes untrusted user input that is then used in a sensitive capability (shell execution).
- Ingestion points: User-provided email and password arguments.
- Boundary markers: None (arguments are placed directly into the command template).
- Capability inventory: Full Bash command execution (Bash(npx medusa user:*)).
- Sanitization: None described in the skill instructions.
Audit Metadata