magento-security-analyst
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Tags: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- Indirect Prompt Injection (HIGH): The skill is highly vulnerable to instructions embedded in data it processes. In its role as a security analyst, it ingests untrusted content that can override its safety protocols or trigger dangerous actions.
  - Ingestion points: The skill analyzes Magento source code files, configurations, and third-party dependencies during 'Code Security Review' and 'Dependency Scanning' tasks (SKILL.md).
  - Boundary markers: No specific delimiters or instructions are provided to the agent to treat analyzed code as data only and ignore embedded directives.
  - Capability inventory: The skill allows the execution of `bin/magento` and `composer` commands, which can modify the file system and perform network operations (SKILL.md).
  - Sanitization: There is no evidence of sanitization or filtering of the content being audited before it is processed by the agent.
- Command Execution (LOW): The skill provides snippets for executing `bin/magento security:scan` and `composer` commands. While these are legitimate administrative tools for Magento, they represent the execution surface that an Indirect Prompt Injection attack would target.
- External Downloads (LOW): The skill uses `composer update` to manage dependencies. While this involves downloading remote code, it targets the official Magento/Packagist repositories, which are considered trusted sources for this specific development context, thus downgrading the severity per [TRUST-SCOPE-RULE].
Recommendations
- AI detected serious security threats