impl
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Tags: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill is highly vulnerable to indirect prompt injection via untrusted project data.
  - Ingestion points: Reads package.json, Makefile, pyproject.toml, and Cargo.toml to identify test/check commands.
  - Boundary markers: None identified. The skill directly transitions from reading file content to executing the extracted strings.
  - Capability inventory: Uses the Bash tool to execute the results of the auto-detection.
  - Sanitization: No validation or sanitization is performed on the strings retrieved from project files before they are passed to the shell.
- [Unverifiable Dependencies & Remote Code Execution] (HIGH): The auto-detection feature for check commands effectively creates an RCE vector. If a user runs this skill on a third-party repository containing a malicious package.json (e.g., a "test" script that exfiltrates data), the agent will execute that command automatically during the implementation cycle.
- [Command Execution] (HIGH): The skill grants the agent the ability to execute arbitrary bash commands based on logic derived from local files, which is a high-privilege operation that should require explicit user confirmation for each specific command string rather than a one-time workflow selection.
Recommendations
- AI detected serious security threats
Audit Metadata