Skills
skills/danielbush/skills/effect-ts/Gen Agent Trust Hub

effect-ts

Fail

Audited by Gen Agent Trust Hub on Feb 21, 2026

Risk Level: CRITICALCOMMAND_EXECUTIONDATA_EXFILTRATIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [Malicious URL Detection] (CRITICAL): Automated scanning (URLite) identified a phishing domain (Layer.su) within the skill's components, representing a high-severity threat.
  • [Command Execution] (MEDIUM): File references/platform/command.md provides detailed methods for executing arbitrary shell commands through @effect/platform/Command, allowing an agent to run system-level operations like 'ls' and 'cat'.
  • [Data Exfiltration] (MEDIUM): The skill demonstrates the ability to read sensitive local files (FileSystem.readFileString) and execute HTTP requests (HttpClient.fetch), creating a functional path for exfiltrating local data to remote endpoints.
  • [Indirect Prompt Injection] (LOW): The skill defines ingestion points for external API data (GET /todos in references/platform/http.md). Ingestion points: External fetch calls to api.example.demo. Boundary markers: None present in the code examples. Capability inventory: Command execution and file system write operations. Sanitization: No evidence of data sanitization or validation of external content.
  • [External Downloads] (LOW): The skill relies on external Node.js dependencies from the @effect and @opentelemetry ecosystems, which increase the attack surface.
Recommendations
  • AI detected serious security threats
  • Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata
Risk Level
CRITICAL
Analyzed
Feb 21, 2026, 09:24 AM