senior-frontend
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill instructions direct the agent to execute several local Python scripts (scripts/component_generator.py, scripts/bundle_analyzer.py, scripts/frontend_scaffolder.py) and powerful system-level CLI tools including npm, pip, docker, and kubectl. These tools provide broad access to the host file system and container/orchestration environments.
- [PROMPT_INJECTION] (HIGH): The skill is highly vulnerable to Indirect Prompt Injection (Category 8). Evidence Chain: 1. Ingestion points: The skill analyzes external code via and arguments. 2. Boundary markers: No delimiters or instructions to ignore embedded prompts are defined. 3. Capability inventory: The skill can execute Python scripts, modify files, and run infrastructure commands (docker, kubectl). 4. Sanitization: No sanitization of ingested project content is mentioned. An attacker could place malicious instructions in project files that, when analyzed, hijack the agent to perform unauthorized actions.
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill requires running npm install and pip install, which download and execute packages from external registries. This poses a risk of supply chain attacks through unverifiable or malicious dependencies.
Recommendations
- AI detected serious security threats
Audit Metadata