fragno-fragment-creation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (HIGH): The skill instructs the agent to run
pnpm create fragno@latest. This downloads and executes code from a third-party registry and an author that is not on the trusted sources list. - [REMOTE_CODE_EXECUTION] (HIGH): The use of
pnpm createinvolves executing arbitrary initialization scripts from a remote package, posing a significant security risk if the package is compromised. - [PROMPT_INJECTION] (HIGH): The skill is highly vulnerable to Indirect Prompt Injection. It fetches markdown documentation and API data at runtime via
curlfromhttps://fragno.dev. - Ingestion points: Documentation URLs in
SKILL.mdandreferences/directory used as source material for code generation. - Boundary markers: None present; the agent is instructed to read and follow these external guides directly as ground truth.
- Capability inventory: Full project scaffolding, code generation, and package installation capabilities.
- Sanitization: No validation or sanitization of the fetched content is performed before processing.
- [COMMAND_EXECUTION] (MEDIUM): The skill makes extensive use of shell commands (
pnpm,curl) which could be abused if the agent is tricked by malicious external content into executing unintended parameters.
Recommendations
- AI detected serious security threats
Audit Metadata