jetbrains-skill
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTIONNO_CODE
Full Analysis
- COMMAND_EXECUTION (MEDIUM): The skill implements
execute_terminal_commandandexecute_run_configurationtools. These allow the agent to run any command or script within the IDE's terminal environment. While this is the primary purpose of the skill, it represents a high-risk capability. The severity is set to MEDIUM because the documentation explicitly warns about the risks and the 'Brave Mode' which disables safety confirmations. - DATA_EXFILTRATION (MEDIUM): Tools such as
get_file_text_by_pathandsearch_in_files_by_textallow the agent to read project files. This could lead to the exposure of sensitive data like.envfiles, API keys, or internal documentation if the agent is misdirected. - PROMPT_INJECTION (LOW): The instructions describe 'Brave Mode' and how to enable/disable it. An attacker could potentially use indirect prompt injection in a project file to trick the agent into enabling this mode or executing destructive commands under the guise of automation.
- Indirect Prompt Injection (LOW):
- Ingestion points: The agent reads untrusted data via
get_file_text_by_path,search_in_files_by_text, andget_symbol_info. - Boundary markers: None are specified in the provided instruction files.
- Capability inventory: The skill possesses extensive capabilities including
execute_terminal_command,create_new_file, andreplace_text_in_file. - Sanitization: No sanitization or validation of the content read from files is mentioned before the agent processes it.
Audit Metadata