kuroco-frontend-integration
Fail
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: CRITICALCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill generates and executes local shell commands (npm, zip, curl) that incorporate dynamic variables such as artifact paths and presigned URLs, creating a surface for command injection.
- [REMOTE_CODE_EXECUTION]: The workflow relies on tools to execute arbitrary JavaScript within a browser tab to perform administrative API requests using the user's active session.
- [DATA_EXFILTRATION]: Local project data is bundled into ZIP archives and transmitted to external AWS S3 storage via curl as part of the deployment lifecycle.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata