mock-generator
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH | PROMPT_INJECTION | NO_CODE
Full Analysis
- Indirect Prompt Injection (HIGH): The skill is designed to ingest and analyze external React source code using Read, Grep, and Glob tools.
  - Ingestion points: Processes local project files which may contain untrusted content from external contributors or malicious repositories.
  - Boundary markers: Absent. The instructions do not specify any delimiters or warnings to ignore embedded instructions in the code being analyzed.
  - Capability inventory: The skill is granted Write and Edit permissions, allowing it to modify the local filesystem based on its analysis.
  - Sanitization: No sanitization or validation of the processed code content is defined.
  - Risk: An attacker could embed malicious instructions in a React component's comments. When the agent uses this skill to generate mocks, it may follow those instructions to overwrite critical system files or inject malicious scripts into the project using its available tools.
Recommendations
- AI detected serious security threats