senior-backend

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Categories: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION] (HIGH): The skill is designed to analyze and process untrusted external content, including backend code, database schemas, and API definitions.
    * Ingestion points: Files located in <project-path>, <target-path>, or the current directory.
    * Boundary markers: None identified; instructions do not include delimiters to separate untrusted data from agent logic.
    * Capability inventory: Full subprocess execution via python3, plus access to docker and kubectl for deployment.
    * Sanitization: No sanitization or validation of the analyzed content is mentioned, creating a high-severity surface for indirect prompt injection where malicious code could override agent behavior during review or scaffolding tasks.
  • [COMMAND_EXECUTION] (HIGH): The skill documentation references several automated Python scripts (api_scaffolder.py, database_migration_tool.py, api_load_tester.py) that perform complex file and network operations. Since the source code for these scripts is not provided in the skill package, their internal logic and potential for arbitrary command execution cannot be verified.
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The development workflow requires executing npm install and pip install -r requirements.txt. These commands download unverified third-party dependencies from public registries, which can lead to supply chain attacks if dependencies are not strictly pinned and audited.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 09:41 AM