publish-placeholder-package
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands to bootstrap an npm package environment and publish to the registry. This includes using mktemp, cat for file creation, and standard npm CLI tools (publish, login, view).
- [PROMPT_INJECTION]: The skill processes user-supplied data, which creates an indirect prompt injection surface.
  - Ingestion points: The agent accepts package names and repository paths from the user.
  - Boundary markers: The shell command blocks do not use explicit delimiters to isolate user-provided variables.
  - Capability inventory: The agent can execute npm commands, modify local temporary files, and perform cleanup via rm -rf.
  - Sanitization: No explicit validation logic is shown for the package name or path strings before they are used in shell commands.