magento-upgrade-specialist
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (HIGH): The skill is susceptible to Indirect Prompt Injection (Category 8) due to its core function of analyzing external code.
  - Ingestion points: The skill performs 'Custom Code Review' and 'Extension Compatibility' checks (via composer show).
  - Boundary markers: No delimiters or safety instructions are defined to separate the data being analyzed from the agent's logic.
  - Capability inventory: The skill explicitly uses bin/magento, composer, and mysqldump commands, which can execute code or manipulate sensitive data.
  - Sanitization: No sanitization or validation of the analyzed source code or extension descriptions is mentioned.
- COMMAND_EXECUTION (HIGH): The skill includes instructions to run bin/magento setup:upgrade and bin/magento setup:di:compile. These commands execute PHP code from all installed modules (including third-party extensions). If a malicious extension is analyzed and subsequently upgraded/compiled, it results in arbitrary code execution on the host system.
- EXTERNAL_DOWNLOADS (LOW): The skill uses composer update to fetch external PHP packages. While this is a standard industry practice and the references point to trusted Adobe/Magento documentation, the operation still involves downloading and potentially executing third-party code via composer hooks. Per [TRUST-SCOPE-RULE], the download itself is downgraded to LOW due to trusted source references, but the execution risk is captured in the High-severity findings above.
Recommendations
- AI detected serious security threats
Audit Metadata