angular-coding
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
PROMPT_INJECTION, COMMAND_EXECUTION, CREDENTIALS_UNSAFE
Full Analysis
- Data Exposure & Exfiltration (HIGH): The skill contains a hardcoded absolute file path pointing to a specific user directory: 'C:\Users\BLogic.cursor\skills\project-scanner\SKILL.md'.
  - Evidence: Hardcoded path found in 'SKILL.md' under the 'Pre-Edit Analysis' section.
  - Risk: Exposure of local file system structure and specific usernames. This can lead to unauthorized file reads or sensitive data leakage if used on different systems or shared environments.
- Indirect Prompt Injection (HIGH): The skill is designed to ingest and analyze external project files (source code and configuration) to determine patterns, which creates a significant attack surface.
  - Ingestion points: 'package.json', '/*.service.ts', '/.component.ts', and '**/.model.ts' as specified in 'SKILL.md'.
  - Boundary markers: Absent. The skill lacks instructions to help the agent distinguish between project code and control instructions.
  - Capability inventory: The skill performs file reads and writes (code editing) and suggests shell command execution.
  - Sanitization: Absent. External content from the scanned project is used directly to influence the agent's logic for version-aware code generation.
- Command Execution (LOW): The skill suggests running system commands for project migration.
  - Evidence: 'ng generate @angular/core:control-flow' in 'control-flow.md'.
  - Context: While this is a standard developer tool command, it demonstrates the agent's ability to execute shell commands based on external skill instructions.
Recommendations
- AI detected serious security threats
Audit Metadata