rspress-v2-upgrade
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill executes build and dev commands defined in local package.json files, which allows for arbitrary code execution if the project source code is untrusted.
- [EXTERNAL_DOWNLOADS] (MEDIUM): Uses npx to download and run the taze utility from the npm registry, which is an external dependency.
- [PROMPT_INJECTION] (HIGH): Vulnerable to Indirect Prompt Injection (Category 8) as the agent ingests package.json, configuration files, and MDX files to drive its logic. These files are untrusted external content and could contain instructions to hijack the agent. Mandatory Evidence: Ingestion points: package.json, rspress.config, custom themes, MDX files. Capability inventory: npx execution, file modification, build script execution. Sanitization: None. Boundary markers: None.
- [REMOTE_CODE_EXECUTION] (HIGH): The execution of project-defined scripts (build/dev) after parsing potentially malicious project files provides a direct mechanism for remote code to be executed on the host system.
Recommendations
- AI detected serious security threats
Audit Metadata