pm2-test-services

Fail

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: HIGH
COMMAND_EXECUTION
Full Analysis
  • [Command Execution] (HIGH): The 'scripts/show-test-urls.js' file uses 'execSync' to run system commands built from 'process.env' variables (e.g., CODER_WORKSPACE, CODER_OWNER) without sanitization. This permits command injection via malicious environment variable values.
  • [Indirect Prompt Injection] (HIGH): The skill possesses a high capability surface (subprocess execution) and ingests untrusted environment data. Ingestion point: 'process.env' in 'scripts/show-test-urls.js'. Boundary markers: Absent. Capability inventory: 'execSync'. Sanitization: Absent.
  • [Dynamic Execution] (MEDIUM): The skill instructions involve the creation and runtime execution of dynamic JavaScript scripts and PM2 configuration files.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 15, 2026, 10:56 PM