Skills
skills/jeremylongshore/claude-code-plugins-plus-skills/fixture-generator/Gen Agent Trust Hub

fixture-generator

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTIONNO_CODE
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The skill triggers on untrusted user input while possessing high-privilege capabilities, creating an exploitable surface. Evidence: 1. Ingestion points: User requests triggered by keywords in SKILL.md. 2. Boundary markers: Absent. 3. Capability inventory: Bash, Write, Edit, and Read tools. 4. Sanitization: Absent.
  • [Command Execution] (MEDIUM): The skill requests access to the 'Bash' tool. Without specific constraints on how the agent interprets user data for this tool, it risks executing malicious commands embedded in user requests.
  • [No Code] (INFO): No executable scripts are provided in the skill; all risk is derived from the metadata configuration and the agent's interpretation of its instructions.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 06:49 AM