onboarding-wizard

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is exposed to indirect prompt injection through the target project's package.json file.
  • Ingestion points: In src/index.ts, the skill reads package.json from the directory passed in the dir argument and extracts its name field.
  • Boundary markers: The extracted project name is interpolated directly into a Markdown template in the quickStart return value, with no delimiters around it and no instruction telling the agent to treat the value as data rather than as commands.
  • Capability inventory: The Markdown the skill produces is fed back into the agent's core processing loop, so anything embedded in the name field is read with the same authority as the skill's own instructions.
  • Sanitization: The projectName variable is neither validated nor escaped before it is placed into the Markdown string.
  • [COMMAND_EXECUTION]: The library logic in src/lib.ts emits a setup step telling the user to run node scripts/init_wizard.cjs. That script is not part of the provided skill files, so if the target repository has been compromised the skill would be steering the user toward running whatever the attacker placed at that path.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 5, 2026, 10:51 PM