solid-cache-coder
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill is vulnerable to indirect prompt injection as it ingests untrusted data from project files and possesses high-privilege capabilities. * Ingestion points: Uses Read, Grep, and Glob tools to ingest data from the local filesystem. * Boundary markers: Absent; no instructions exist to isolate untrusted data from the agent's core logic. * Capability inventory: Includes the Bash tool for shell command execution and Write/Edit for file modification. * Sanitization: Absent; the skill does not validate or sanitize file content before processing.
- [Command Execution] (MEDIUM): The skill allows the use of the Bash tool for database tasks, which provides a direct path for malicious actions if the agent is compromised via prompt injection.
Recommendations
- AI detected serious security threats
Audit Metadata