migrate-to-shoehorn
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill installs the @total-typescript/shoehorn package via npm. This dependency is not from the predefined list of trusted external sources.
- COMMAND_EXECUTION (LOW): The skill uses the grep utility to search the local filesystem. While a standard operation, it interacts with content from untrusted files.
- PROMPT_INJECTION (HIGH): The skill is vulnerable to indirect prompt injection (Category 8) due to its combination of reading external content and having write/execute capabilities. 1. Ingestion points: Uses grep to read content from *.test.ts and *.spec.ts files. 2. Boundary markers: No delimiters or instructions to ignore embedded commands are present. 3. Capability inventory: File-system write operations (replacement of code assertions) and npm package installation. 4. Sanitization: No sanitization or validation of the ingested code content is performed before processing.
Recommendations
- AI detected serious security threats
Audit Metadata