sc-implement
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- PROMPT_INJECTION (HIGH): The skill is highly vulnerable to Indirect Prompt Injection (Category 8) because it processes untrusted feature descriptions to drive high-privilege codebase modifications.
  - Ingestion points: Processes the 'feature-description' argument and performs codebase analysis via 'Read' and 'Glob' tools.
  - Boundary markers: Absent; there are no delimiters or instructions to ignore embedded commands within the input.
  - Capability inventory: Employs 'Write', 'Edit', 'MultiEdit', and 'Task' tools for direct filesystem modification.
  - Sanitization: Absent; no validation or escaping of input data is defined before it influences code generation.
- COMMAND_EXECUTION (LOW): The skill leverages internal agent tools and coordinates with external MCP servers (Magic, Context7, Sequential). While typical for development, these capabilities represent the high-privilege tier that elevates the severity of the injection vulnerability.
Recommendations
- AI detected serious security threats
Audit Metadata