docs-page
Fail
Audited by Gen Agent Trust Hub on May 6, 2026
Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill's reference file example.html contains a piped shell execution command (curl -fsSL https://get.filebase.dev | sh). This is a high-risk pattern that encourages the execution of unverified remote scripts and is likely to be reproduced in the agent's output.
- [EXTERNAL_DOWNLOADS]: The skill templates reference an external, unverified domain (get.filebase.dev) for downloading binary content and scripts.
- [DATA_EXFILTRATION]: The example content explicitly identifies the sensitive configuration path ~/.config/filebase/credentials. Referencing such paths in documentation templates can lead to accidental exposure, or to targeted collection of sensitive user credentials by malicious actors.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and processes external data from a DESIGN.md file without adequate safety measures.
  - Ingestion points: The skill reads tokens and instructions from the DESIGN.md file as part of its generation workflow.
  - Boundary markers: The instructions lack boundary markers or warnings to ignore potentially malicious embedded commands within the design tokens.
  - Capability inventory: The skill emits complex HTML artifacts that are rendered in a preview environment, creating a side-effect channel for injected content.
  - Sanitization: There is no evidence of sanitization or escaping of the content ingested from the external design file before it is included in the output.
Recommendations
- AI detected serious security threats
Audit Metadata