coding-guidelines-gen
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION] (HIGH): The skill is susceptible to indirect prompt injection because it ingests untrusted filesystem structures (directory names and project markers) and uses this data to modify sensitive build files. 1. Ingestion points: scripts/scan_modules.py scans the local directory. 2. Boundary markers: Absent. 3. Capability inventory: Modifying build.gradle/pom.xml and generating AGENTS.md files with runnable commands. 4. Sanitization: Absent.
- [COMMAND_EXECUTION] (MEDIUM): The skill generates runnable shell commands for formatting, linting, and testing within AGENTS.md files. These commands are derived from detected project markers and could be manipulated by malicious file structures.
- [EXTERNAL_DOWNLOADS] (LOW): The workflow suggests installing Python and adding external build system plugins like Spotless.
Recommendations
- AI detected serious security threats
Audit Metadata