store-generator

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill is designed to ingest untrusted data and has write-access capabilities, creating a significant injection surface.
      • Ingestion points: Uses Read, Grep, and Glob tools to process React source files as defined in SKILL.md.
      • Boundary markers: Absent. There are no instructions provided to the agent to distinguish between its own logic and instructions found within analyzed files.
      • Capability inventory: The skill is granted Write and Edit permissions in the allowed-tools section, allowing it to modify files on the system.
      • Sanitization: Absent. There is no evidence of content validation or filtering.
  • Command Execution (MEDIUM): The skill is granted broad file system modification rights (Write, Edit) through its allowed tools. While standard for a 'generator' tool, these capabilities increase the potential impact of a successful injection attack.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 01:06 PM