impeccable-extract
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill's primary function is to scan local files to 'Identify reusable patterns' and 'Find the design system'. This presents a significant attack surface.
- Ingestion points: External local source code files, components, and documentation (grepping for 'ui', 'components', etc.).
- Boundary markers: Absent. The instructions do not specify any delimiters or warnings to ignore instructions found within the analyzed files.
- Capability inventory: Significant file system operations including file creation ('Extract & Enrich'), file modification ('Migrate'), and file deletion ('Delete dead code').
- Sanitization: Absent. Malicious instructions embedded in source code comments or strings could be executed by the agent to modify or delete unintended files.
- [Command Execution] (MEDIUM): The skill explicitly mentions using shell-like operations ('grep') and instructs the agent to 'Treat command arguments mentioned by the user as scope hints.' If these arguments are interpolated directly into shell commands or tool calls without strict escaping, it facilitates a command injection vector.
Recommendations
- AI detected serious security threats
Audit Metadata