skills/cevio/hile/hile-http/Gen Agent Trust Hub

hile-http

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFE
REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The framework uses dynamic imports to load controller files from the filesystem.
      • Evidence: src/loader.ts lines 180-184 use import(path) with paths resolved from a glob search in the Loader.from method.
      • Risk: This allows the execution of arbitrary JavaScript/TypeScript code if an attacker can write files to the scanned controller directory.
  • [PROMPT_INJECTION]: The skill provides a framework for handling external HTTP requests, which creates an indirect prompt injection surface.
      • Ingestion points: src/find-my-way.ts and src/controller.ts (via ctx.params, ctx.headers, and ctx.request.body) expose request data to application logic.
      • Boundary markers: No specific boundary markers or 'ignore' instructions are implemented in the framework code to separate data from instructions.
      • Capability inventory: The framework supports dynamic code loading and network service creation.
      • Sanitization: No built-in sanitization or validation of external content is performed; security is deferred to the user implementation.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 5, 2026, 12:27 AM