Skills
skills/module-federation/core/mf-shared-deps/Gen Agent Trust Hub

mf-shared-deps

Warn

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses unsafe shell interpolation in SKILL.md. The command node scripts/shared-config-check.js --context '<MFContext-JSON>' allows for command injection if the context (derived from project files via the mf-context skill) contains shell-sensitive characters like single quotes or backticks.
  • [PROMPT_INJECTION]: The skill processes untrusted external data, creating an indirect injection surface.
  • Ingestion points: The mf-context skill collects configuration and artifact data from the target project files.
  • Boundary markers: No shell-escaping or delimiters are used in the command execution step to isolate the data from the command.
  • Capability inventory: The skill utilizes the Bash(node *) tool for execution, providing a pathway to the system shell.
  • Sanitization: No input sanitization or shell-escaping logic is implemented for the JSON input before it is passed to the command line.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 6, 2026, 02:18 PM