cve-audit
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, EXTERNAL_DOWNLOADS)
Full Analysis
- Prompt Injection (HIGH): Significant Indirect Prompt Injection surface via untrusted external and local data.
  - Ingestion Points: Dependency names/versions are parsed from local project files (audit.ts:74), and vulnerability summaries are fetched from remote CVE APIs via `searchCVEByProduct` (audit.ts:86).
  - Boundary Markers: Absent. The skill outputs raw data strings directly into the terminal stream read by the agent without delimitation or protective headers.
  - Capability Inventory: The skill performs network operations (API lookups) and local filesystem discovery.
  - Sanitization: Absent. The `cve.summary` field (audit.ts:161) and package names are printed without escaping, allowing instructions embedded in CVE records or package files to reach the agent's reasoning context.
- External Downloads (MEDIUM): Dependency on external data sources for CVE lookups. The script performs network requests to remote APIs to fetch vulnerability data. This introduces a trust dependency on external content that is not under the user's direct control.
Recommendations
- AI detected serious security threats
Audit Metadata