pipeline
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill is designed to orchestrate workflows by executing shell commands and local CLI tools such as gemini, claude, and npx. This is the intended primary purpose of the skill.
- [EXTERNAL_DOWNLOADS] (LOW): The scripts utilize npx to execute eslint and tsc. By default, npx may download these packages from the npm registry if they are not found in the local environment.
- [PROMPT_INJECTION] (LOW): (Category 8 - Indirect Prompt Injection) The skill exhibits a significant attack surface for indirect prompt injection by interpolating untrusted data into LLM prompts.
  - Ingestion points: Command-line arguments ($INPUT, $TOPIC) and local file contents (read via cat "$FILE") are used as variables.
  - Boundary markers: None. The skill does not use delimiters (like XML tags or triple backticks) or instructions to the LLM to ignore embedded commands within the variables.
  - Capability inventory: The pipeline has the capability to read files (cat), execute shell logic, and run node packages (npx).
  - Sanitization: There is no evidence of sanitization, escaping, or validation of the input data before it is passed to the LLM engines.