tooling
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION)
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The skill instructs the agent to execute a shell script by first granting execution permissions (`chmod +x setup.sh`) and then running it (`./setup.sh`). This is a high-risk pattern as it enables arbitrary code execution within the environment. If an attacker can influence the contents of `setup.sh` (e.g., via a pull request or untrusted repository), they can gain full control over the agent's execution context.
- [COMMAND_EXECUTION] (LOW): The instructions mandate the use of `pnpm install` and `pnpm add`. These commands trigger the execution of lifecycle scripts (pre-install, post-install) defined in `package.json` files, which may contain malicious code from third-party dependencies.
- [INDIRECT_PROMPT_INJECTION] (MEDIUM): The skill is designed to process and act upon project-level files (`setup.sh`, `package.json`, environment variables). It lacks boundary markers or sanitization logic to prevent the agent from obeying malicious instructions embedded within these files during the setup process.
Audit Metadata