deno-project-templates
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [Unverifiable Dependencies & Remote Code Execution] (HIGH): The Fresh web app template in SKILL.md and assets/fresh-app/README.md recommends running 'deno run -Ar jsr:@fresh/init'. This command downloads a script from an external registry (JSR) and executes it with the '-A' flag, granting it full system permissions.
- [Privilege Escalation] (HIGH): The CLI tool template (assets/cli-tool/deno.json) configures tasks using the '--allow-all' flag. This grants the application unrestricted access to the host system's resources (files, network, environment) when these tasks are executed.
- [Indirect Prompt Injection] (HIGH): The skill contains an injection surface where user-provided inputs are used in shell commands. Ingestion points: {{PROJECT_NAME}} and {{USERNAME}} placeholders in SKILL.md. Boundary markers: Absent; variables are directly interpolated into command strings. Capability inventory: Execution of 'deno' subprocesses. Sanitization: Absent; the skill does not validate or escape the provided variables before execution.
Recommendations
- AI detected serious security threats
Audit Metadata