help-beacon
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
DATA_EXFILTRATION, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [DATA_EXFILTRATION] (HIGH): The generated API route recursively reads files from a path defined in help.config.json (articlesDir) and sends their contents to the Anthropic API. If this directory is maliciously or accidentally pointed to sensitive locations (e.g., .ssh/, .env, or /etc/), private credentials and system information will be exfiltrated to the AI provider and potentially the chat user.
- [PROMPT_INJECTION] (HIGH): The skill creates an indirect prompt injection surface (Category 8). Ingestion points: user-provided messages and local documentation files. Boundary markers: minimal string separators are used, which are insufficient for adversarial inputs. Capability inventory: the generated code has filesystem read and network request capabilities. Sanitization: no sanitization or validation is performed on the user input before it is sent to the AI model.
- [COMMAND_EXECUTION] (MEDIUM): The skill performs automated file system operations to scaffold components and API routes into the user's project. The lack of explicit path validation during the file-writing process poses a risk of overwriting critical project files if the framework detection or configuration is manipulated.
Recommendations
- AI detected serious security threats
Audit Metadata