Skills
skills/rdimascio/react-marketplace/api-generator/Gen Agent Trust Hub

api-generator

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGHPROMPT_INJECTION
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The skill exhibits a significant vulnerability surface where untrusted data (source code) can influence actions with side effects (file writing).
  • Ingestion points: The skill uses Read, Grep, and Glob tools to ingest content from the local React application's codebase in SKILL.md.
  • Boundary markers: There are no defined delimiters or 'ignore' instructions to prevent the agent from obeying natural language commands found within the analyzed files.
  • Capability inventory: The skill is granted Write and Edit permissions. A successful injection via a code comment could lead to the agent overwriting sensitive files or injecting backdoors into the application.
  • Sanitization: No sanitization or validation logic is defined to differentiate between 'code to analyze' and 'instructions to follow.'
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 12:46 PM