preflight-checks
Warn
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands based on file paths and configuration values retrieved from the local project environment. This introduces a risk of command injection if filenames or project settings are maliciously crafted.
- [REMOTE_CODE_EXECUTION]: The skill automatically identifies and runs scripts defined within `package.json` (such as `lint`, `typecheck`, and `format` scripts). This enables arbitrary code execution if an attacker provides a project containing malicious script definitions, posing a significant supply chain risk.
- [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection through untrusted data within the codebase.
  - Ingestion points: Reads tool definitions and lifecycle scripts from `package.json`, `pyproject.toml`, and other local configuration files.
  - Boundary markers: None; the skill directly interpolates external configuration into shell command strings.
  - Capability inventory: Broad shell execution capabilities across multiple environments (Node.js, Python, Go, Rust).
  - Sanitization: No validation or escaping of the script content found in configuration files is performed before execution.
Audit Metadata