javascript-ember
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION)
Full Analysis
- PROMPT_INJECTION (HIGH): The skill instructions facilitate Indirect Prompt Injection by mandating strict adherence to external documentation fetched via an MCP.
  - Ingestion points: The agent is directed to query 'context7 MCP' for project patterns (as described in the README.md sections on context7 integration).
  - Boundary markers: None; the skill explicitly commands the agent to 'Follow the returned guidelines exactly' and 'apply documentation exactly.'
  - Capability inventory: The agent possesses the capability to modify, create, and structure application code files and testing suites on the local filesystem.
  - Sanitization: No validation or sanitization of the documentation content returned by the MCP is mentioned or implemented.
  - Risk: Malicious instructions hidden in project documentation or documentation-as-code could lead the agent to generate insecure code, implement backdoors, or perform unauthorized file operations while believing it is following legitimate project conventions.
Recommendations
- AI detected serious security threats