alpine-js-usage-rules
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill contains a mandatory 'Memory Protocol' section that instructs the agent to execute the shell command 'cat .claude/context/memory/learnings.md'. This explicitly directs the agent to perform unauthorized local file reads outside of its primary coding assistance scope.
- [PROMPT_INJECTION] (HIGH): The skill is vulnerable to Indirect Prompt Injection (Category 8). 1. Ingestion points: Files matching the glob '/resources/views/**/*.blade.php' are read via the 'Read' tool. 2. Boundary markers: None are defined to separate the skill's instructions from the content of the files being reviewed. 3. Capability inventory: The skill has 'Write' and 'Edit' capabilities, plus the aforementioned 'bash' execution. 4. Sanitization: There is no mechanism to sanitize or ignore instructions embedded within the Blade files. An attacker could place malicious instructions in HTML comments (e.g., '') which the agent might execute using its powerful toolset.
Recommendations
- AI detected serious security threats
Audit Metadata