security
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (HIGH): Category 8: Indirect Prompt Injection surface. The skill reads arbitrary codebase content and possesses the capability to execute commands and modify files.
  - Ingestion points: Project files and git history read via Bash, Read, Glob, and Grep tools.
  - Boundary markers: Absent. The instructions do not define delimiters for codebase content when passed to the subagent.
  - Capability inventory: Extensive tools including 'Bash' (command execution), 'Write'/'Edit' (file modification), and 'Task' (subagent spawning).
  - Sanitization: Absent. Untrusted codebase content is analyzed without specific filtering or sanitization, allowing potential embedded instructions to influence the agent or subagent.
- [EXTERNAL_DOWNLOADS] (LOW): Uses `npx husky init` and `npx lint-staged`. These commands fetch and execute packages from the npm registry at runtime. While these are standard tools, this is an external execution pattern.
- [COMMAND_EXECUTION] (LOW): Uses the Bash tool to modify `.husky/pre-commit` and run `gitleaks` commands. These actions are aligned with the skill's stated purpose but involve modifying sensitive developer configuration files.
Recommendations
- AI detected serious security threats
Audit Metadata