stack-review

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill processes untrusted external data (source code) that could contain malicious instructions designed to subvert the agent's auditing logic.
      • Ingestion points: Files read via Read, rg (ripgrep), and Glob tools.
      • Boundary markers: Absent. There are no instructions or delimiters defined to prevent the agent from following instructions found within the audited code.
      • Capability inventory: The skill uses Bash(rg *) and Read. While Bash is limited to rg in the configuration, a compromised agent could attempt to bypass constraints or use Read to disclose sensitive file contents.
      • Sanitization: None. The agent directly analyzes raw file content without sanitization or filtering.
  • Command Execution (MEDIUM): The skill relies on executing shell commands (rg) via Bash. This creates a risk of command injection if the agent framework does not properly sanitize inputs passed to the shell.
  • Automated Scan Results (INFO): The automated scan flagged logger.info and ctx.logger.info as malicious URLs. These are confirmed as false positives; the scanner misread TypeScript method calls ending in .info, which is also a Top-Level Domain (TLD), as URLs.
Recommendations
  • AI detected serious security threats
  • Contains 2 malicious URL(s) - DO NOT USE
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 12:36 PM