context-hub
Warn
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the global NPM package `@aisuite/chub`. As `@aisuite` is not on the trusted organizations list, this is an unverifiable dependency.
- [COMMAND_EXECUTION]: Several shell commands, including `chub search "<library or API name>"` and `chub get <id>`, use dynamic strings from task context or external search results without proper sanitization, creating a risk for command injection. The skill also executes automated git operations (`git fetch`, `git pull`).
- [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection.
  1. Ingestion points: External documentation is fetched and ingested via `chub get` (SKILL.md).
  2. Boundary markers: There are no instructions or delimiters to isolate or ignore instructions within the fetched documentation.
  3. Capability inventory: The agent has shell command capabilities (`git`, `npm`, `chub`) and the ability to modify project code.
  4. Sanitization: The documentation content is used directly as a 'source of truth' for code generation without validation.
Audit Metadata