customize
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH (REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- Dynamic Execution (HIGH): The skill directs the agent to 'Make changes directly to the code' in the 'src/' directory. This allows for the injection of arbitrary logic into the application's core files (e.g., 'index.ts', 'db.ts'), which constitutes a self-modification vulnerability.
- Indirect Prompt Injection (LOW): The skill is designed to translate untrusted user requests into code modifications without sanitization or sandboxing.
  1. Ingestion points: Natural language user prompts.
  2. Boundary markers: None present.
  3. Capability inventory: File-write access to sensitive source code and service management commands.
  4. Sanitization: None identified.
- Persistence (HIGH): The workflow documents the management of macOS LaunchAgents ('~/Library/LaunchAgents/com.nanoclaw.plist'). This provides a standard mechanism for ensuring that any injected malicious code persists across system restarts and user sessions.
- Command Execution (MEDIUM): The skill provides the user with shell commands to 'npm run build' and 'launchctl load', which are necessary steps to activate modified or malicious code in the system environment.
Recommendations
- AI detected serious security threats