senior-backend
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Tags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [Unverifiable Remote/Local Code] (MEDIUM): The skill relies on local Python scripts (scripts/api_scaffolder.py, scripts/database_migration_tool.py, scripts/api_load_tester.py) that are not included in the provided files. Their behavior cannot be audited, posing a risk of arbitrary command execution if those scripts contain malicious logic.
- [Indirect Prompt Injection Surface] (HIGH): The skill is designed to ingest and process untrusted external data (project paths, backend code, and database schemas).
  - Ingestion points: User-specified <project-path> and <target-path> in SKILL.md.
  - Boundary markers: No explicit delimiters or instructions to ignore embedded commands in the processed data are mentioned.
  - Capability inventory: The skill allows the agent to execute shell commands, run Python scripts, perform npm operations, and deploy via kubectl and docker.
  - Sanitization: No sanitization or validation of the processed code is described.
  - Risk: An attacker could place malicious instructions inside a target codebase's comments or configuration files, which the agent might execute with high privileges during 'analysis' or 'optimization' tasks.
- [Privilege Escalation Risk] (MEDIUM): The inclusion of deployment commands (kubectl apply, docker-compose up) suggests the agent may have access to production or staging environments. Executing these commands based on analysis of untrusted local files is a high-risk pattern.
Recommendations
- AI detected serious security threats
Audit Metadata