arcanea-coding-agent
Fail
Audited by Gen Agent Trust Hub on Feb 14, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION, NO_CODE)
Full Analysis
- PROMPT_INJECTION (HIGH): The skill design exhibits a high-risk Indirect Prompt Injection surface (Category 8).
  - Ingestion points: Documentation specifies agents ingest untrusted data from the user's 'current file/project' and 'selected code' across any file.
  - Boundary markers: No delimiters or isolation techniques are described to separate untrusted content from system instructions.
  - Capability inventory: The agent can modify code ('improve this selected code') and execute 'opencode editor commands' (e.g., 'arcanea:invoke').
  - Sanitization: No mention of sanitization or filtering for ingested file content.
- COMMAND_EXECUTION (MEDIUM): The documentation defines several commands that integrate with the editor environment. Without implementation code, the safety of command argument parsing cannot be verified.
- NO_CODE (INFO): The provided skill consists only of a markdown documentation file; all functional code, architecture, and UI files are missing, preventing verification of the stated capabilities.
Recommendations
- AI detected serious security threats
Audit Metadata