fix-errors
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- Indirect Prompt Injection (HIGH): The skill possesses a high-risk attack surface by ingesting untrusted data from the local codebase.
  - Ingestion points: Reads `package.json` and captures output from linters and compilers (`eslint`, `tsc`) as described in the workflow section of SKILL.md.
  - Boundary markers: None present. The skill does not use delimiters or specific instructions to ignore malicious commands embedded within the source code or error logs it processes.
  - Capability inventory: Has extensive file write and command execution capabilities via the `Bash` tool (npm, pnpm, tsc) and the ability to spawn parallel sub-agents via the `Task` tool.
  - Sanitization: No validation or sanitization is performed on the data ingested from error logs or package configurations before it is used to direct the behavior of the agent and its sub-agents.
- Command Execution (MEDIUM): The workflow relies on executing scripts defined in `package.json`. A malicious actor who has modified the project's configuration could trick the agent into executing arbitrary code by embedding it in standard script names like 'lint' or 'typecheck'.
Recommendations
- AI detected serious security threats