simplify-implementation
Warn
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to use `npx ai-devkit@latest`, which downloads a package from the npm registry at runtime.
- [REMOTE_CODE_EXECUTION]: Executing an unpinned package version (`@latest`) via `npx` allows the execution of remote code that could be modified at the source, posing a supply chain risk.
  - Evidence: `npx ai-devkit@latest memory search` in SKILL.md.
- [COMMAND_EXECUTION]: The skill constructs a shell command using user-provided input (`<target area>`), which could lead to command injection if the input is not properly escaped by the agent or the tool.
  - Evidence: `npx ai-devkit@latest memory search --query "<target area>"` in SKILL.md.
- [PROMPT_INJECTION]: The skill processes untrusted external code (an indirect prompt injection surface) and lacks specific safety constraints or delimiters to prevent embedded instructions from influencing the agent's behavior.
  - Ingestion points: Reads and analyzes existing code implementations (SKILL.md).
  - Boundary markers: Absent. No delimiters are used to wrap the code being analyzed.
  - Capability inventory: Can execute CLI commands via `npx`.
  - Sanitization: Absent. There is no instruction to validate or sanitize the code or the search query generated from user input.
Audit Metadata