new-user

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: CRITICAL
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (CRITICAL): The skill performs direct string interpolation of user-supplied arguments into a Bash command: npx medusa user -e <email> -p <password>. Because there is no sanitization, escaping, or validation, a malicious user can provide input such as '; rm -rf / # for the email parameter to execute arbitrary shell commands with the privileges of the agent.
  • [REMOTE_CODE_EXECUTION] (HIGH): The skill relies on npx, which downloads and executes packages from the npm registry at runtime. This introduces a supply chain risk where a compromised or typo-squatted package could lead to full system compromise.
  • [PROMPT_INJECTION] (HIGH): This skill is highly susceptible to Indirect Prompt Injection (Category 8). It ingests untrusted data (email/password) and has high-privilege execute capabilities (Bash).
    • Ingestion points: Arguments <email> and <password> from the user.
    • Boundary markers: None present. The instructions do not tell the agent to treat the input as literal data only.
    • Capability inventory: Access to the Bash tool with broad permissions (npx medusa user:*).
    • Sanitization: Completely absent. The skill lacks any logic to filter out shell metacharacters (;, &, |, $(), etc.).
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: CRITICAL
  • Analyzed: Feb 16, 2026, 10:06 AM