aceternity-ui-configuration
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- Indirect Prompt Injection (HIGH): The skill is designed to ingest and process untrusted external content (UI code files under `**/aceternityui/**/*.*`) using its `Read` capability. Because the skill also possesses `Write` and `Edit` tools, it is vulnerable to indirect prompt injection where malicious instructions hidden in the processed code (e.g., in comments) could trick the agent into performing unauthorized file system modifications.
  - Ingestion points: File reading of `**/aceternityui/**/*.*` via `Read` tool.
  - Boundary markers: Absent. No instructions provided to ignore or escape embedded instructions within the UI code.
  - Capability inventory: `Read`, `Write`, `Edit`, and shell execution via `cat`.
  - Sanitization: Absent. No validation or filtering of the content being reviewed.
- Data Exposure (MEDIUM): The skill includes a 'Memory Protocol' section that explicitly instructs the agent to execute `cat .claude/context/memory/learnings.md`. This targets internal agent state and metadata files which may contain sensitive project information or previous session context.
- Command Execution (LOW): The skill uses a bash block to perform a read operation (`cat`). While the specific command is benign, it establishes a pattern of direct shell execution to retrieve context from specific paths.
Recommendations
- AI detected serious security threats