source-driven

Pass

Audited by Gen Agent Trust Hub on Apr 10, 2026

Risk Level: SAFE (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses dynamic context injection to execute a shell command (cat package.json | grep ...) when the skill is loaded. This is used to automatically identify the project's dependencies and their versions. This command is restricted to reading the manifest file and does not use untrusted input.
  • [EXTERNAL_DOWNLOADS]: The skill's workflow requires the agent to fetch documentation from external URLs (e.g., via WebFetch). This is a core functionality intended to provide the agent with accurate API information for specific library versions.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it processes external documentation and local source code from node_modules.
      1. Ingestion points: External doc URLs via WebFetch and library files in the node_modules/ directory.
      2. Boundary markers: The skill does not specify the use of delimiters or 'ignore' instructions for the ingested content.
      3. Capability inventory: The agent has the ability to read and write files and perform network requests.
      4. Sanitization: There are no instructions for sanitizing or validating the content retrieved from external documentation sites before it is interpreted by the agent.
Audit Metadata
  Risk Level: SAFE
  Analyzed: Apr 10, 2026, 04:11 PM