milady-development

Warn

Audited by Gen Agent Trust Hub on Apr 8, 2026

Risk Level: MEDIUM
Tags: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute various shell commands including 'ls', 'cat', 'mkdir', 'git', and 'bun' to navigate and modify the local filesystem.
  • [EXTERNAL_DOWNLOADS]: Uses 'git pull' and 'git fetch' to download code updates from remote branches ('origin/next'). It also uses 'bun install' to download and install packages from external registries.
  • [REMOTE_CODE_EXECUTION]: By design, the skill allows the agent to edit its own TypeScript plugins, install new packages, and restart its runtime ('curl -X POST http://localhost:3000/api/agent/restart'). This creates a direct path for the agent to incorporate and execute arbitrary code at runtime.
  • [PROMPT_INJECTION]: The instructions explicitly define the agent as a 'self-modifying agent' and provide templates for creating new actions, which could be exploited to bypass existing constraints if the agent is directed to add malicious logic to its own plugins.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 8, 2026, 01:22 PM