self-improving
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: CRITICAL
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (CRITICAL): The skill uses prpm install to fetch packages from an external registry that is not a recognized trusted source. It specifically encourages the installation of 'Community' packages, which are unverified and reside outside of known safe domains.
- REMOTE_CODE_EXECUTION (CRITICAL): Once a package is installed, the skill 'loads package knowledge and applies it to the current task.' This mechanism allows the agent to incorporate and execute logic, prompts, or scripts from an untrusted source, effectively providing a path for arbitrary code execution within the agent's environment.
- PROMPT_INJECTION (HIGH): The skill is highly vulnerable to Indirect Prompt Injection. Malicious actors could publish packages to the PRPM registry specifically designed to be surfaced by common search keywords (e.g., 'aws', 'react', 'testing'). If installed, these packages can contain malicious instructions that override the agent's safety protocols and core constraints.
- COMMAND_EXECUTION (HIGH): The agent is granted the capability to execute shell commands (prpm search, prpm install) based on trigger words detected in user prompts. This provides an attacker with a direct vector to manipulate the agent's tool-use capabilities through keyword-stuffed requests.
Recommendations
- AI detected serious security threats
Audit Metadata