article-writer

Fail

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: HIGH

Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill's workflow in Phase 4 involves executing multiple shell commands to scaffold, install, and test companion projects.
    ◦ Evidence: SKILL.md Phase 4 instructs the agent to run 'composer create-project', 'composer install', 'php artisan migrate', and 'php artisan test'.
    ◦ Verification: The instructions explicitly mandate that the agent must run and verify these commands to confirm project completion, increasing the risk of executing malicious code if parameters are tampered with.
  • [REMOTE_CODE_EXECUTION]: The commands executed by the skill are dynamically determined and can be influenced by external input.
    ◦ Evidence: Phase 4, Step 2 states that values in the 'companion_project' field of an article task override settings defaults, specifically the 'scaffold_command'.
    ◦ Risk: This allows an attacker to inject arbitrary commands via the task definition, which the agent will then execute on the host system as part of the project creation phase.
  • [PROMPT_INJECTION]: The skill possesses a significant surface for indirect prompt injection by processing untrusted data from author profiles and tasks.
    ◦ Ingestion points: Author profiles are loaded from a database and stored in '00_context/author_profile.json'.
    ◦ Boundary markers: No delimiters or instructions to ignore embedded commands are present in the profile data.
    ◦ Capability inventory: The skill has capabilities to write files, execute shell commands (via composer/npm), and perform web searches.
    ◦ Sanitization: No sanitization or validation of the author profile or task input is performed before it is used to influence the agent's behavior and writing style.
  • [EXTERNAL_DOWNLOADS]: The skill automates the download of external software frameworks and libraries from well-known services.
    ◦ Evidence: Phase 4 uses 'composer' and 'npm' to fetch dependencies from official registries.
    ◦ Note: While targeting reputable sources like Packagist and NPM, the lack of version pinning or integrity checks in the provided templates, combined with dynamic overrides, poses a supply chain risk.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 27, 2026, 11:29 AM