mesh-security
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- PROMPT_INJECTION (LOW): Potential for indirect prompt injection via untrusted configuration files. The skill ingests YAML and JSON data from external mesh configurations which are then parsed and displayed to the agent context.
  - Ingestion points: `lib/analyzer-wrapper.js` reads user-specified files via `fs.readFileSync`.
  - Boundary markers: Absent in the provided scripts or prompts. The skill does not utilize delimiters or warnings to ignore embedded instructions in the configuration data.
  - Capability inventory: `lib/analyzer-wrapper.js` performs file reads; `mesh-remediation.md` indicates the skill has file modification capabilities via the `remediation-engine.js` component.
  - Sanitization: Absent. The skill uses `js-yaml` for parsing but does not provide specific sanitization of external content before interpolation into the agent's prompt.
- COMMAND_EXECUTION (LOW): The skill documentation instructs the agent to execute local Node.js scripts for analysis, remediation, and reporting. While this is the intended functionality, it grants the agent the ability to execute code that interacts with the local filesystem.
- DATA_EXPOSURE (LOW): The `analyzer-wrapper.js` script reads arbitrary files based on the path provided to the command line. An agent could potentially be manipulated into reading sensitive system files if directed to a non-configuration path.
Audit Metadata