embeddings
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Tags: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- Remote Code Execution & External Downloads (HIGH): The skill uses `npx claude-flow` for its primary operations. This command downloads and executes the `claude-flow` package from the npm registry at runtime. Since this package does not originate from a verified or trusted organization, it constitutes an untrusted download and execution vector.
- Command Execution (MEDIUM): The skill instructions direct the agent to execute multiple shell commands to initialize, embed, and search data, which could be exploited if command arguments are manipulated.
- Indirect Prompt Injection (MEDIUM): The skill ingests untrusted data from local files via `embeddings batch --file documents.json`. This data is indexed and subsequently retrieved to influence the agent's context and reasoning.
- Ingestion Points: File read operation in `batch --file documents.json`.
- Boundary Markers: None identified in the provided documentation.
- Capability Inventory: Shell command execution via `npx`, file system read access for batch processing.
- Sanitization: No sanitization or validation mechanisms are described for the content of processed documents.
Recommendations
- AI detected serious security threats
Audit Metadata