angular-best-practices-v20
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGHPROMPT_INJECTIONREMOTE_CODE_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill facilitates Indirect Prompt Injection by instructing the AI to process and refactor untrusted Angular code without defining protective delimiters or safety rules. \n
- Ingestion points: Angular components, services, and templates provided by the user for refactoring (SKILL.md). \n
- Boundary markers: Absent. There are no instructions to use delimiters or specific boundaries for untrusted data. \n
- Capability inventory: Writing and refactoring code, which typically involves file-write and command execution permissions in agentic environments. \n
- Sanitization: None. The skill does not describe any validation or filtering of input code. \n- [Dynamic Execution] (MEDIUM): The 'rules/bundle-defer-third-party.md' rule provides a code template for dynamic script loading via 'document.createElement("script")'. While common for analytics, this pattern enables remote code execution in the resulting application and represents a vulnerability if an attacker can influence the script source URL through prompt manipulation.
Recommendations
- AI detected serious security threats
Audit Metadata