learning-medusa
Pass
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: LOW
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill is designed to analyze user-provided source code as part of its 'Implementation Check' feature. Ingestion points: Multiple markdown files (e.g., checkpoint-api-route.md) prompt the user to share files like 'validators.ts' or 'route.ts'. Boundary markers: No specific delimiters or instructions to ignore embedded commands are used in the provided prompts. Capability inventory: No autonomous shell or file-write capabilities are used by the agent; instructions instead guide the user to perform local actions. Sanitization: None. This is a standard pattern for tutor-style agents but remains a vulnerability surface.
- [Data Exposure & Exfiltration] (LOW): The troubleshooting guide in 'common-errors.md' includes a placeholder connection string (`postgres://user:password@localhost:5432/medusa-db`). This is a generic documentation example and does not constitute a leak of sensitive credentials.
- [Unverifiable Dependencies & Remote Code Execution] (SAFE): All suggested dependencies are official MedusaJS packages or well-known industry standards (e.g., Zod, React Query). Commands provided (e.g., `npx medusa db:migrate`) are standard framework operations intended for the user to run in their local development environment.
Audit Metadata