check-quality
Warn
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- Metadata Poisoning (MEDIUM): The skill includes the claim 'Opus 4.6 found 500 zero-day vulnerabilities in pre-release testing.' This is a fictional statement designed to establish unearned authority and bypass user caution regarding the skill's capabilities and safety.
- Indirect Prompt Injection (LOW): The skill is susceptible to hijacking via malicious repository files. Ingestion points: Reads and parses local 'package.json' and configuration files. Boundary markers: None; it does not warn the agent to ignore instructions embedded in the project files. Capability inventory: Executes arbitrary shell commands via 'pnpm coverage' and 'npm run coverage', and makes GitHub API calls. Sanitization: None; it directly executes command strings found in the untrusted project's package.json.
- Command Execution (LOW): The skill intentionally executes local shell commands to audit the environment. While part of its primary purpose, executing 'pnpm coverage' on an untrusted codebase allows for arbitrary code execution if the 'coverage' script is maliciously defined.
Audit Metadata