add-expert
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill ingests untrusted external data and interpolates it into a repository source file. 1. Ingestion points: 'firstname', 'slug', and 'description' fields in SKILL.md are populated from external expert details. 2. Boundary markers: Absent; there are no instructions for the agent to validate or escape the input. 3. Capability inventory: Writing files to public image paths, modifying 'experts-data.tsx', and executing 'bun render-cards'. 4. Sanitization: Absent; the 'description' field specifically allows JSX/HTML tags, which could be used for malicious code injection.
- [Command Execution] (MEDIUM): The skill requires the execution of 'bun render-cards' in 'packages/docs'. This command processes the data previously modified by the agent, potentially triggering the execution of injected content or influencing the build process.
Recommendations
- AI detected serious security threats
Audit Metadata