code-validator

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Categories: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION] (HIGH): The skill is susceptible to indirect prompt injection. It reads project source files (.ts, .tsx), which are untrusted external data. Because the skill also has the Edit (file modification) and Bash (command execution) tools, an attacker could embed instructions in that code to make the agent perform unauthorized actions. Ingestion points: the Read and Grep tools are used to scan project files. Boundary markers: no delimiters or instructions are used to separate code content from potential instructions. Capability inventory: access to the Edit and Bash tools provides a high-impact exploitation path. Sanitization: no sanitization or validation of file content is performed before processing.
  • [COMMAND_EXECUTION] (MEDIUM): The skill executes shell commands via npm scripts (npm run typecheck, npm run lint). This creates a dependency on the integrity of the local environment and the package.json file, which, if compromised, could lead to arbitrary command execution.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 11:14 AM