senior-frontend

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • PROMPT_INJECTION (HIGH): High risk of indirect prompt injection. The skill is designed to analyze and review external frontend code. Ingestion points: 'scripts/bundle_analyzer.py', 'scripts/frontend_scaffolder.py', and general code review tasks. Boundary markers: absent. Capability inventory: execution of local Python scripts, 'npm install', 'docker build', and 'kubectl apply'. Sanitization: absent. Maliciously crafted source code in a target repository could contain instructions that cause the agent to exploit these capabilities.
  • COMMAND_EXECUTION (MEDIUM): The skill invokes local Python scripts in the 'scripts/' directory that handle user-provided paths. This poses a risk if the scripts do not properly validate inputs before execution.
  • COMMAND_EXECUTION (HIGH): The skill includes instructions for high-privilege operations including 'docker build' and 'kubectl apply'. If an agent is tricked via indirect prompt injection, these tools could be used to compromise infrastructure.
  • EXTERNAL_DOWNLOADS (LOW): Standard use of 'npm install' and 'pip install' for dependency management is noted as a necessary step that nonetheless carries an inherent supply-chain attack risk.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 07:53 AM