blueprintkit
Warn
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script `.claude/skills/blueprintkit/webapp-testing/scripts/with_server.py` utilizes `subprocess.Popen` with `shell=True` to execute arbitrary commands for starting and managing development servers. This provides a broad shell execution surface that could be misused.
- [COMMAND_EXECUTION]: The script `.claude/skills/blueprintkit/web-artifacts-builder/scripts/init-artifact.sh` modifies the global system environment by executing `npm install -g pnpm` if the package manager is not found during project initialization.
- [EXTERNAL_DOWNLOADS]: Multiple automation scripts in the `web-artifacts-builder` and `ci-cd-pipeline-builder` skills download and install a large number of external dependencies from public registries (npm) during project setup and bundling operations.
- [PROMPT_INJECTION]: The skill exhibits a vulnerability surface for indirect prompt injection.
  1. Ingestion points: The `webapp-testing` skill reads raw content from web pages using Playwright's `page.content()`.
  2. Boundary markers: Absent; there are no explicit instructions to the agent to treat the ingested web content as untrusted or to ignore instructions embedded within it.
  3. Capability inventory: The skill possesses significant command execution capabilities via `with_server.py` and `init-artifact.sh`.
  4. Sanitization: Absent; ingested data is used directly for element discovery and reconnaissance without validation or escaping.
Audit Metadata