effect-ts
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGHPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION] (HIGH): The skill provides patterns for MCP server tool handlers that are vulnerable to Indirect Prompt Injection (Category 8).
- Ingestion points: Untrusted data enters the agent context through the
inputparameter in thesearchToolexample inSKILL.md. - Boundary markers: No boundary markers or 'ignore embedded instructions' warnings are present in the provided tool handler templates.
- Capability inventory: The tool demonstrates a database write/execute capability via
db.query(args.query), which maps torunQuery(sql, config)in the provided service layer. - Sanitization: While structural validation is performed via
@effect/schema, the resulting data is interpolated directly into a query string, creating a significant SQL injection surface. - [EXTERNAL_DOWNLOADS] (MEDIUM): The skill requires the installation of multiple external packages (
effect,@effect/schema,@effect/opentelemetry) from theeffect-tsorganization. While widely used, this organization is not on the provided Trusted External Sources list, making the dependencies unverifiable by strict policy. - [MALICIOUS_URL_ALERT] (INFO): An automated scan flagged
Layer.suas a phishing URL. This is identified as a false positive; the string is a prefix of the common library methodLayer.succeedused in the code snippets, and no such domain is actually referenced in the file content.
Recommendations
- AI detected serious security threats
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata