shareful-search
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (HIGH): The skill uses npx to execute the shareful-ai package, which involves downloading and running code from the npm registry at runtime. This package and its organization are not listed as trusted sources.
- REMOTE_CODE_EXECUTION (HIGH): The skill instructions direct the agent to retrieve code 'shares' from an external website (shareful.ai) and 'apply the fix in their codebase'. This allows arbitrary content from an external, potentially attacker-controlled source to be integrated into and executed within a local environment.
- COMMAND_EXECUTION (MEDIUM): The skill facilitates the execution of shell commands (npx search and confirm) with parameters that are influenced by search queries and external results.
- PROMPT_INJECTION (LOW): (Category 8) The skill is vulnerable to indirect prompt injection from external search results. Evidence chain:
  1. Ingestion points: output of npx shareful-ai search.
  2. Boundary markers: absent in the instructions.
  3. Capability inventory: the agent is explicitly told to apply code to the local environment and run further npx commands.
  4. Sanitization: no validation or sanitization of the fetched code is performed before application.
Recommendations
- AI detected serious security threats
Audit Metadata