oneshot
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill integrates untrusted data sources with high-privilege operations, creating a significant security risk.
- Ingestion points: User-provided feature descriptions, local file contents retrieved via Glob/Grep, and external search results from WebSearch.
- Boundary markers: Absent; the skill instructions do not provide delimiters or logic to help the agent distinguish between task commands and data retrieved from untrusted sources.
- Capability inventory: The skill possesses the capability to modify the filesystem and execute shell commands through npm scripts (format, lint, typecheck).
- Sanitization: Absent; there is no validation or sanitization of external content before it influences code generation or script execution.
- Command Execution (MEDIUM): The skill explicitly instructs the agent to run shell commands (
npm run). While these are common development tools, their execution is risky when the agent's actions have been influenced by untrusted external data without human review.
Recommendations
- AI detected serious security threats
Audit Metadata