stack-audit

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION, REMOTE_CODE_EXECUTION)
Full Analysis
  • [COMMAND_EXECUTION] (HIGH): The skill requests broad Bash(bun *) and Bash(rg *) permissions, which allow the agent to execute arbitrary shell commands via these tools.
  • [PROMPT_INJECTION] (HIGH): Indirect prompt injection risk from untrusted code.
      1. Ingestion points: project-root files read via ripgrep and init-audit.ts.
      2. Boundary markers: None identified.
      3. Capability inventory: Bash shell access, Read file operations, and Glob filesystem navigation.
      4. Sanitization: No sanitization of external content before processing.
  • [REMOTE_CODE_EXECUTION] (MEDIUM): Executes a local TypeScript file init-audit.ts via the Bun runtime. While ostensibly for auditing, it represents unverified dynamic code execution that performs automated filesystem writes.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 17, 2026, 12:13 AM