materal-enum-adapter
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION)
Full Analysis
- [PROMPT_INJECTION] (HIGH): The skill is vulnerable to Indirect Prompt Injection through the processing of external JSON data used to generate source code.
  1. Ingestion points: The generate command reads JSON files (e.g., translations.json) often produced by external AI services.
  2. Boundary markers: None identified.
  3. Capability inventory: The adapter.js script can overwrite local TypeScript files in the output directory.
  4. Sanitization: No mention of sanitizing input strings (like englishName) before they are interpolated into TypeScript files, allowing for arbitrary code injection.
- [COMMAND_EXECUTION] (MEDIUM): The workflow requires the user to execute a local Node.js script that performs sensitive file system and network operations.
- [DATA_EXFILTRATION] (LOW): The fetch command initiates outbound network requests to user-provided URLs, which could be exploited for unauthorized network access or SSRF.
Recommendations
- AI detected serious security threats