full-stack-optimizer
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill relies on executing local shell commands via 'npm run' (e.g., 'optimize:analyze', 'optimize:implement'). This grants the agent the ability to execute arbitrary code defined in the project's 'package.json' and modify the local filesystem.
- [PROMPT_INJECTION] (HIGH): (Category 8: Indirect Prompt Injection). This skill has a large vulnerability surface as it processes untrusted data (the application codebase) and possesses high-privilege write capabilities (modifying code). Evidence chain:
  1. Ingestion points: Processes frontend, backend, and database files across the application.
  2. Boundary markers: No delimiters or instructions are specified to separate code-under-test from agent logic.
  3. Capability inventory: Modifies source code and executes tests/builds via 'npm'.
  4. Sanitization: No evidence of filtering for adversarial instructions within the analyzed code.
- [DATA_EXFILTRATION] (MEDIUM): The skill performs deep analysis of sensitive components like database schemas and security logic. Although no network exfiltration is explicitly documented, the high-privilege access to the entire codebase creates a significant risk if the agent is manipulated into sending data externally.
Recommendations
- AI detected serious security threats
Audit Metadata