project-analyzer
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION] (HIGH): The skill is susceptible to Indirect Prompt Injection (Category 8). It is designed to ingest and analyze untrusted external data (project files, READMEs, code comments) and has high-privilege capabilities including file reading (secrets/configs) and script execution. There are no boundary markers or explicit instructions provided to the agent to prevent malicious instructions inside the analyzed codebases from hijacking the session.
- [COMMAND_EXECUTION] (HIGH): The skill explicitly directs the agent to execute a local Python script (`scripts/analyze_project.py`) and system tools like `grep`. Because the script's source code is not included in the provided files, its safety cannot be verified. This constitutes an unverified command execution path.
- [DATA_EXFILTRATION] (MEDIUM): The analysis workflow encourages the agent to read sensitive configuration and environment files (e.g., `.env`, `.env.example`, `package.json`). In the event of an indirect prompt injection, this sensitive data can be easily exfiltrated by a malicious command embedded in the codebase being analyzed.
Recommendations
- AI detected serious security threats
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata