faion-automation-tooling
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Tags: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill defines extensive surfaces for processing untrusted external data via web scraping and user-controlled parameters in feature flags. Templates lack input validation or boundary delimiters, creating a risk of the agent obeying embedded malicious instructions. Ingestion occurs in 'cd-basics/README.md' and 'web-scraping/README.md' across several automated tasks.
- [Remote Code Execution] (HIGH): The methodology encourages the installation of software packages directly from arbitrary, unverified git repositories, bypassing security controls of official registries. Evidence found in 'pnpm-package-management/README.md' (pnpm add github:user/repo).
- [Command Execution] (LOW): The skill uses system-level commands for deployment and testing as part of its stated purpose. Evidence includes 'kubectl' and 'docker' usage in 'cd-pipelines/README.md' which are standard for CD workflows.
Recommendations
- AI detected serious security threats
Audit Metadata