Generate Frontend Wiring

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
  • PROMPT_INJECTION (HIGH): The skill is susceptible to Indirect Prompt Injection (Category 8) as it processes untrusted content from file source code and metadata without adequate isolation. Evidence chain:
    1. Ingestion points: Reads local files including package.json, plugin.ts, and index.ts (SKILL.md Step 1).
    2. Boundary markers: Absent; there are no instructions to delimit untrusted content or treat it as data only.
    3. Capability inventory: The agent has the capability to read files and is specifically instructed to ask the user to save/write the generated configuration (SKILL.md Step 5).
    4. Sanitization: No sanitization is performed on data extracted from the files before it is included in the output YAML.
  • DATA_EXFILTRATION (MEDIUM): The lack of input validation combined with file-reading capabilities creates a risk where malicious instructions hidden in plugin files could trick the agent into reading and exposing sensitive information (e.g., SSH keys or environment variables) during the file-location phase.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 05:02 AM