refactoring
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH (REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [REMOTE_CODE_EXECUTION] (HIGH): The script executes arbitrary commands defined in the target project's `package.json` file via `npm run test`, `npm run lint`, and `npm run typecheck`. If an AI agent uses this skill on an untrusted repository, the repository can gain full control of the execution environment.
- [COMMAND_EXECUTION] (MEDIUM): The script executes shell commands and development tools like `find`, `grep`, and `npx` against the provided project directory. This environment is susceptible to exploitation via malicious project configurations or symlink-based attacks.
- [EXTERNAL_DOWNLOADS] (LOW): The script invokes `npx tsc`, which may trigger the download and execution of the TypeScript compiler from the npm registry if it is not already present in the environment.
- [PROMPT_INJECTION] (HIGH): This skill is highly vulnerable to Indirect Prompt Injection (Category 8) because it processes untrusted external data with high-privilege execution capabilities.
  - Ingestion points: Reads `package.json`, `tsconfig.json`, and all source files within the user-provided project directory.
  - Boundary markers: None. There are no delimiters or instructions to the agent to treat the project data as untrusted or to ignore embedded instructions.
  - Capability inventory: Possesses the capability to execute arbitrary shell scripts (via `npm`), run external packages (`npx`), and perform file system operations.
  - Sanitization: None. The script trusts and executes the contents of the `scripts` field in `package.json` without validation.
Recommendations
- AI detected serious security threats
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata