piperack-configure
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill ingests untrusted data from local project files to determine which processes to configure. An attacker could plant a malicious manifest file (e.g., a 'package.json' with a malicious 'start' script) to trick the agent into proposing a harmful configuration.
- Ingestion points: Local project files including 'package.json', 'Cargo.toml', 'docker-compose.yml', 'Procfile', 'Makefile', 'go.mod', and 'requirements.txt' are read by the agent (defined in SKILL.md).
- Boundary markers: Absent; the skill does not instruct the agent to use delimiters or ignore instructions found within these files.
- Capability inventory: The agent has the capability to write the 'piperack.toml' file, which defines commands that will be executed when the user runs the Piperack tool.
- Sanitization: Absent; the skill relies entirely on the user's manual review of the proposed configuration before writing it to disk.
Audit Metadata