magicpath
Pass
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: SAFE
Tags: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection attack surface by processing instructions and code from an external platform.
  - Ingestion points: The prompt field in theme definitions (accessed via magicpath-ai get-theme) and the component source code (accessed via magicpath-ai inspect) provide natural-language instructions and executable code from the platform to the agent.
  - Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the processing workflow.
  - Capability inventory: The skill utilizes the magicpath-ai CLI for shell execution, can write files to the local repository via the add command, and is instructed to modify existing application code for integration.
  - Sanitization: No sanitization, validation, or escaping of the platform-provided data is defined.
- [COMMAND_EXECUTION]: The skill uses shell commands for environment management and platform interaction.
  - Employs dynamic context injection (!) in SKILL.md to automatically execute magicpath-ai info when the skill is loaded to determine auth and project status.
  - Directs the agent to perform global installation of the magicpath-ai package via npm and manages local filesystem writes using the CLI's installation capabilities.
Audit Metadata