gitignore-generator
Fail
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: HIGH (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [COMMAND_EXECUTION]: The skill uses string interpolation to build a curl command: curl -sL https://www.toptal.com/developers/gitignore/api/{template_id} > .gitignore. The {template_id} variable is provided by the user and is not sanitized or validated against the allowed list of templates. This lack of sanitization allows for shell injection, where an attacker can execute arbitrary commands by injecting shell metacharacters like ;, &, or |.
- [EXTERNAL_DOWNLOADS]: The skill fetches gitignore templates from www.toptal.com, which is the domain for the well-known gitignore.io service.
Recommendations
- AI detected serious security threats
Audit Metadata