zero-to-hero
Fail
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: HIGH
Findings: CREDENTIALS_UNSAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides numerous shell commands for filesystem discovery and system inspection (e.g., find, grep, ls, tree).
- [CREDENTIALS_UNSAFE]: The instructions explicitly target sensitive files such as .env and various .*rc files for inspection and suggest loading them into the environment (e.g., export $(cat .env | xargs)), which risks exposing secrets such as API keys and database credentials.
- [EXTERNAL_DOWNLOADS]: The skill encourages running package managers (npm install, pip install, etc.) that download code from remote registries based on untrusted configuration files found in unknown projects.
- [REMOTE_CODE_EXECUTION]: By directing the agent to run project-specific build or dev scripts (npm run dev, python manage.py runserver) on unfamiliar projects, the skill creates a risk of arbitrary code execution from malicious codebases.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted project data without sufficient sanitization.
  - Ingestion points: Local project files read via cat and grep.
  - Boundary markers: Absent; there are no instructions to ignore malicious directives found within files.
  - Capability inventory: Subprocess calls, package installation, and network access via dev servers.
  - Sanitization: Absent; content is analyzed directly without filtering.
Recommendations
- AI detected serious security threats
Audit Metadata