Skills
skills/sailscastshq/boring-stack/quest/Gen Agent Trust Hub

quest

Fail

Audited by Gen Agent Trust Hub on Feb 12, 2026

Risk Level: HIGHCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATION
Full Analysis

================================================================================

🔴 VERDICT: HIGH

This skill's core functionality is to execute arbitrary JavaScript code (jobs) within a Sails.js environment. This is a powerful capability that, if misused through prompt manipulation, could lead to severe consequences. The primary security concerns are the potential for arbitrary command execution, data exfiltration through dynamic network requests or email/alert helpers, and the use of an unverified external dependency.

Total Findings: 3

🔴 HIGH Findings: • Command Execution

  • Line 37 in rules/api.md: The sails.quest.run(jobName, inputs?) method explicitly executes a job immediately by spawning a child process via sails run <script-name>. This is confirmed in rules/getting-started.md (Line 59: "the hook spawns sails run <script-name> as a child process") and rules/job-definition.md (Line 190: "Each job runs as a separate Node.js process via sails run"). Inputs are serialized as CLI arguments, creating a potential vector for command injection if jobName or inputs can be controlled by a malicious prompt.

🟡 MEDIUM Findings: • Unverifiable Dependencies

  • Line 13 in README.md: The installation instruction npx skills add sailscastshq/boring-stack/skills/quest and the explicit npm install sails-hook-quest (Line 20 in rules/getting-started.md) refer to sails-hook-quest from the sailscastshq GitHub organization. This organization is not listed as a trusted source, meaning the core dependency of the skill is unverified and could potentially contain malicious code. • Data Exfiltration
  • Line 240 in rules/patterns.md: Examples demonstrate sending data via sails.helpers.sendEmail.with(...) (e.g., export-monthly-report.js sending CSV content to a dynamic recipientEmail). Other examples show sails.helpers.sendSlackAlert.with(...) (e.g., health-check.js, monitor-stale-data.js, Job Event Logging Pattern, quest:job:error in rules/api.md) and sails.helpers.http.post(webhook.url, webhook.payload, ...) (e.g., retry-webhooks.js). If a malicious prompt can control the destination (email, Slack channel, webhook URL) or the content of these communications, sensitive data could be exfiltrated to an attacker-controlled endpoint.

================================================================================================

Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 12, 2026, 03:26 PM