jetbrains-coding
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (HIGH): The tool execute_terminal_command allows the agent to run arbitrary shell commands within the host environment. This can be used to perform unauthorized system modifications, install backdoors, or execute malicious payloads.
- DATA_EXFILTRATION (MEDIUM): Tools like get_file_text_by_path allow the agent to read any file accessible by the IDE process. Combined with terminal execution capabilities, this enables the reading and subsequent exfiltration of sensitive files such as SSH keys, environment variables, or local credentials.
- PROMPT_INJECTION (HIGH): The skill is highly vulnerable to Indirect Prompt Injection (Category 8). It ingests untrusted data from project files and possesses high-privilege capabilities.
  - Ingestion points: get_file_text_by_path, search_in_files_by_text, and find_usages read content from the local codebase, which may contain attacker-controlled data.
  - Boundary markers: Absent. There are no instructions to the agent to distinguish between code and embedded natural language instructions.
  - Capability inventory: execute_terminal_command, replace_text_in_file, create_new_file, and run_configuration provide extensive write and execution privileges.
  - Sanitization: Absent. No sanitization or validation of the ingested code content is performed before the agent processes it.
  - Result: An attacker could place malicious instructions in comments or documentation within the codebase that the agent might inadvertently execute via the terminal or file manipulation tools.
Recommendations
- AI detected serious security threats