fragments-policy
Warn
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill executes `npx fragments govern check --cloud` to validate policies and interface with vendor services.
- [REMOTE_CODE_EXECUTION]: The skill translates natural language descriptions into TypeScript code files within the `.fragments/policies/` directory, which are subsequently executed using a CLI tool. This dynamic generation and execution of code from untrusted input is a significant behavior.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection where user instructions could maliciously influence the generated TypeScript logic.
  - Ingestion points: Design policy descriptions provided in create and edit modes.
  - Boundary markers: No delimiters or protective instructions are used to isolate the user input during code generation.
  - Capability inventory: Subprocess execution via `npx`, and file write/modification access to `.fragments/` and `fragments.config.ts`.
  - Sanitization: No evidence of validation or sanitization of the natural language input before it is used to generate code.
Audit Metadata