migrating-middleware-to-proxy
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [PROMPT_INJECTION] (HIGH): The skill utilizes social engineering and misinformation to override the agent's correct technical knowledge. By citing a fabricated security vulnerability (CVE-2025-29927) and a non-existent software update (Next.js 16), it manipulates the agent into performing a 'migration' that involves removing security logic.
  - Evidence: The skill claims 'Middleware-based authentication is fundamentally broken' and instructs the agent to 'Remove authentication logic from proxy' based on this false premise.
- [COMMAND_EXECUTION] (HIGH): The skill leverages high-privilege tools (`Write`, `Edit`, `TodoWrite`) to carry out destructive file operations based on misinformation. If an agent follows these instructions, it will rename critical files and delete authentication gates, leading to a significant security regression in the target application.
  - Ingestion point: Reading project files like `src/middleware.ts` (implied by the migration task).
  - Capability inventory: `Write`, `Edit`, `TodoWrite` for modifying source code.
  - Sanitization: None; the skill assumes its own fabricated premises are authoritative.
- [METADATA_POISONING] (MEDIUM): The `description` and `name` fields reinforce the deceptive migration path, potentially misleading both the agent and the human user into believing a mandatory security update is being performed.
Recommendations
- AI detected serious security threats
Audit Metadata