skills/jeremylongshore/claude-code-plugins-plus-skills/torchserve-config-generator/Gen Agent Trust Hub
torchserve-config-generator
Audit result: Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, NO_CODE
Full Analysis
- [INDIRECT_PROMPT_INJECTION] (HIGH): The skill is vulnerable to indirect prompt injection because it combines high-privilege write/execute capabilities with the processing of untrusted external content.
  1. Ingestion points: user requests matching trigger phrases for TorchServe configuration.
  2. Boundary markers: none present.
  3. Capability inventory: Bash, Write, and Edit tools (allowed-tools).
  4. Sanitization: none identified.
- [COMMAND_EXECUTION] (HIGH): The manifest requests access to powerful tools like Bash and Write, which allow for potential system compromise if the agent is manipulated by malicious instructions.
- [NO_CODE] (INFO): No implementation scripts (Python, Shell, etc.) were provided; the analysis is based on the manifest's documentation and requested permissions.
Recommendations
- AI detected serious security threats