Skills
skills/norseboar/superpowers-cursor/root-cause-tracing/Gen Agent Trust Hub

root-cause-tracing

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGHCOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION] (HIGH): The find-polluter.sh script executes arbitrary local files matching a pattern via npm test. * Evidence: Line 42 of find-polluter.sh runs npm test "$TEST_FILE". * Risk: An attacker can achieve Remote Code Execution (RCE) by placing malicious code in a file that matches the provided test pattern.
  • [INDIRECT_PROMPT_INJECTION] (HIGH): The skill is vulnerable to malicious content in the files it processes. * Ingestion points: Local filesystem search via find in find-polluter.sh. * Boundary markers: Absent. * Capability inventory: Subprocess execution via npm test in find-polluter.sh. * Sanitization: Absent; file paths are passed directly to the execution command.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 09:00 AM