ship-sails-app

Fail

Audited by Gen Agent Trust Hub on Apr 4, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The preamble section contains a shell script designed to be executed by the agent. This script performs file system searches and executes a binary named vara-skills-update-check.
  • [REMOTE_CODE_EXECUTION]: The preamble script searches for an executable in multiple locations, including relative paths such as .claude/skills/vara-skills. This allows a malicious repository to provide a rogue binary that the agent will execute, leading to arbitrary code execution on the user's system.
  • [REMOTE_CODE_EXECUTION]: The skill instructions recommend running npx create-vara-app, which downloads and executes external code from the npm registry at runtime.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it processes untrusted repository data to guide agent actions.
    ◦ Ingestion points: Repository state, project layout, and Sails IDL files are used as input for the agent's tasks.
    ◦ Boundary markers: No explicit delimiters or safety instructions are used to distinguish project data from agent instructions.
    ◦ Capability inventory: The skill allows the agent to execute shell commands, cargo builds, and npx scripts based on the ingested data.
    ◦ Sanitization: No validation or sanitization of project artifacts (like IDL files) is performed before processing.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Apr 4, 2026, 12:59 PM