security-audit
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (HIGH): The skill is highly susceptible to Indirect Prompt Injection (Category 8). \n
- Ingestion points: The skill reads untrusted project files such as
package-lock.json,requirements.txt, andCargo.lockin Steps 1-3. \n - Boundary markers: Absent. There are no instructions provided to the agent to treat data extracted from these files as untrusted or to ignore embedded commands. \n
- Capability inventory: The skill possesses the capability to execute shell commands (native audit tools) and perform web searches using external subagents (Steps 2-4). \n
- Sanitization: Absent. Dependency names and metadata are used directly in search queries and report generation without validation or escaping. \n
- Impact: An attacker could craft a malicious lock file with package names designed to hijack the agent's logic, potentially leading to unauthorized web requests or manipulation of the final security report. \n- COMMAND_EXECUTION (MEDIUM): The skill explicitly instructs the agent to run various shell commands (e.g.,
npm audit,pip-audit,cargo audit). While these are standard security tools, they execute in the user's local environment. If an audit tool itself is vulnerable to a malicious project configuration, this skill facilitates that execution path.
Recommendations
- AI detected serious security threats
Audit Metadata