meta-prompter
Fail
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: HIGH (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION)
Full Analysis
- [COMMAND_EXECUTION]: The skill executes bash commands that interpolate user input directly into a shell string without sanitization, making it vulnerable to command injection. Evidence: 'npx meta-prompter-mcp "$ARGUMENTS"' in SKILL.md.
- [COMMAND_EXECUTION]: The skill uses 'node -e' to execute a JavaScript string that interacts with the file system to extract configuration data. Evidence: 'node -e "const fs=require('fs')..."' in references/rules.md.
- [EXTERNAL_DOWNLOADS]: The skill downloads and runs the 'meta-prompter-mcp' package from the public NPM registry using npx. Evidence: 'npx meta-prompter-mcp' in SKILL.md.
- [DATA_EXFILTRATION]: The skill reads from a configuration file located at '~/.codex/config.toml' in the user's home directory. Evidence: 'fs.readFileSync(require('os').homedir()+'/.codex/config.toml','utf8')' in references/rules.md.
- [REMOTE_CODE_EXECUTION]: The use of npx to run remote packages combined with the lack of input sanitization in the command line execution poses a significant risk of remote code execution.
Recommendations
- AI detected serious security threats