verify-fix
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (COMMAND_EXECUTION, DATA_EXFILTRATION)
Full Analysis
- COMMAND_EXECUTION (HIGH): The skill provides templates for executing high-privilege commands using `vercel`, `stripe`, and `npx convex` on production environments. Specifically, the use of `npx convex run --prod` and `vercel logs --prod` with interpolated variables like `[query]`, `[app]`, and `[pattern]` poses a severe risk of shell injection if the inputs are not strictly validated.
- DATA_EXFILTRATION (MEDIUM): The protocol encourages reading production logs and querying specific database records using user-supplied criteria. In an adversarial scenario, an attacker could craft inputs to expand the scope of these queries to expose sensitive data from the production database or logs.
- INDIRECT_PROMPT_INJECTION (HIGH): (Category 8) Evidence Chain:
  1. Ingestion points: The skill ingests untrusted data via placeholders like `[affected_id]`, `[query]`, `[test payload]`, and `[pattern]` in SKILL.md.
  2. Boundary markers: Absent. There are no delimiters or instructions to treat these inputs as data only.
  3. Capability inventory: High-privilege access via `npx convex run --prod`, `vercel logs`, and `curl` documented in SKILL.md.
  4. Sanitization: Absent. The skill assumes the agent will safely interpolate these values, which is a dangerous assumption for shell-based tool execution.
Recommendations
- AI detected serious security threats
Audit Metadata