preline-theme-generator
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
Tags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (HIGH): The agent workflow in SKILL.md (Steps 3 and 4) explicitly mandates 'AUTO-RUN, NO PROMPT' execution of shell commands. Step 3 interpolates user-provided data such as <theme-name> into an 'echo' command inside single quotes, without sanitization. A malicious user can supply a value containing a single quote to terminate the string and inject arbitrary shell commands, which the agent then runs without a confirmation step.
- EXTERNAL_DOWNLOADS (MEDIUM): Step 4 recommends running 'npx preline-theme-generator', which fetches and executes a package from the npm registry. Because this package is not from a trusted organization defined in the safety scope, it represents an unverifiable dependency risk; with no version pinned, the code that executes can also differ from one run to the next.
- PROMPT_INJECTION (LOW): The instructions use 'NO PROMPT' directives to suppress the standard safety confirmation loops, attempting to bypass agent guardrails for sensitive filesystem and execution tasks.
- DATA_EXFILTRATION (LOW): The skill uses 'find' to traverse the user's local project directories. While intended for path discovery, this capability could be exploited for unauthorized information gathering if combined with other malicious patterns.
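The COMMAND_EXECUTION finding above in working shell, as an added example that is not code from the audited skill or from the preline-theme-generator project. The exact echo line in SKILL.md is not reproduced on this page, so the command template below is an assumption, and 'sh -c' stands in for the agent handing its assembled command line to a shell with no confirmation. The attacker input is constructed for the demonstration. The block shows the injection succeeding against the interpolated form and then three fixes: passing the value as an argument, quoting it for the shell before splicing, and rejecting it against an allowlist before it reaches a command at all.

```shell
#!/bin/sh
# Added example, not the audited skill's own code. Simulates the Step 3
# pattern: a user-controlled <theme-name> spliced into a single-quoted
# echo and run without a prompt. The template is an assumption; 'sh -c'
# plays the role of the agent executing its assembled command string.

# Constructed attacker input: the first quote closes the string, the
# middle runs as commands, and the trailing quote re-opens a string so the
# rest of the template still parses without a syntax error.
MALICIOUS_THEME="ocean'; echo INJECTED; echo '"

# Vulnerable: the command line is built by string interpolation, so a
# quote inside $theme becomes shell syntax instead of data.
vulnerable_echo() {
    theme="$1"
    sh -c "echo 'Generating theme: $theme'"
}

# Fix 1 (preferred): pass the value as an argument. The script text is a
# constant; $1 is expanded by the inner shell and never re-parsed as code.
safe_echo_argv() {
    theme="$1"
    sh -c 'echo "Generating theme: $1"' _ "$theme"
}

# Fix 2: when the value must be spliced into text, quote it for the shell
# first. Each embedded single quote becomes '\'' (close, escaped literal
# quote, reopen), so the result is safe inside a single-quoted context.
# Caveat: a trailing newline in the input is dropped by $(...).
shell_quote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

safe_echo_quoted() {
    theme="$1"
    sh -c "echo 'Generating theme: '$(shell_quote "$theme")"
}

# Fix 3 (defence in depth): reject anything outside an allowlist before it
# reaches a command. A theme name only needs [A-Za-z0-9_-].
validate_theme_name() {
    case "$1" in
        '' | *[!A-Za-z0-9_-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Demonstration run
echo "--- vulnerable (note the INJECTED line) ---"
vulnerable_echo "$MALICIOUS_THEME"
echo "--- argv fix ---"
safe_echo_argv "$MALICIOUS_THEME"
echo "--- quoting fix ---"
safe_echo_quoted "$MALICIOUS_THEME"
if validate_theme_name "$MALICIOUS_THEME"; then
    echo "allowlist: accepted (unexpected)"
else
    echo "allowlist: rejected the constructed input"
fi
```

The argument-passing form is the one to reach for: it removes the parse step that makes the injection possible, whereas quoting only works if every splice point is remembered. The allowlist check belongs at the point where the agent first reads <theme-name>, since under 'AUTO-RUN, NO PROMPT' there is no human in the loop to notice an odd-looking command before it runs.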
Recommendations
- AI detected serious security threats
Audit Metadata