agent-spec-mobile-react-native
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill utilizes the Bash tool and shell-based hooks (pre_execution, post_execution, on_error) for environment discovery and error reporting. The commands are limited to discovery tools like
grepandfind. - [PROMPT_INJECTION] (HIGH): The skill is susceptible to Indirect Prompt Injection (Category 8). 1. Ingestion points: Processes data from the user's codebase, including app.json, package.json, and source files (*.tsx, *.jsx, *.java, *.m) via Read, Grep, and Glob. 2. Boundary markers: Absent; no delimiters are defined to isolate untrusted data from instructions. 3. Capability inventory: High-privilege access via Bash, Write, Edit, and MultiEdit tools which allow system-level modification and command execution. 4. Sanitization: Absent; no validation or escaping of ingested content is performed before processing.
Recommendations
- AI detected serious security threats
Audit Metadata