monorepo-scaffold
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (HIGH): Vulnerable to indirect prompt injection (Category 8). The skill ingests untrusted data from existing repositories and has high-privilege execution capabilities. \n
- Ingestion points: Workflow step 1 involves auditing existing scripts and entrypoints in an external repository.\n
- Boundary markers: Absent. There are no instructions to delimit or ignore instructions found in the target repository.\n
- Capability inventory: Executes
pnpm install,pnpm turbo run build, andpnpm dlx create-turbo(command execution).\n - Sanitization: Absent. No verification or sanitization of existing
package.jsonscripts is performed before execution.\n- [REMOTE_CODE_EXECUTION] (LOW): The skill usespnpm dlx create-turbo@latest. While Vercel is a trusted source, downloading and executing code at runtime carries inherent risks. This finding is downgraded to LOW per [TRUST-SCOPE-RULE] as Vercel is a trusted organization.\n- [COMMAND_EXECUTION] (MEDIUM): The skill requires the execution of multiple shell commands to perform the migration, which could be exploited if the agent is influenced by malicious content in the repository being converted.
Recommendations
- AI detected serious security threats
Audit Metadata