faion-devtools-developer
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [PROMPT_INJECTION] (HIGH): The skill exhibits a significant surface for Indirect Prompt Injection (Category 8). It ingests untrusted external data via 'web scraping', 'browser automation', and 'code review' (SKILL.md). It lacks explicit boundary markers or instructions to ignore embedded commands. When combined with its allowed-tools list—specifically `Bash`, `Write`, and `Edit`—it creates a scenario where malicious content in a scraped page or code snippet could potentially execute commands or modify the filesystem.
- [COMMAND_EXECUTION] (MEDIUM): The skill explicitly includes `Bash` in its `allowed-tools` list to facilitate CI/CD pipelines and browser automation (Puppeteer/Playwright). While these are functional requirements, they represent a high-impact capability that can be abused if the agent's instructions are overridden.
Recommendations
- AI detected serious security threats
Audit Metadata