frontend-api
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- PROMPT_INJECTION (HIGH): The skill is susceptible to Indirect Prompt Injection (Category 8). It is designed to ingest data from external API endpoints (SKILL.md) to implement fetching logic. There are no boundary markers or instructions to sanitize or ignore embedded instructions within the API responses. Because the skill has Bash and Write capabilities, a malicious API response could manipulate the agent into executing system commands or injecting backdoors into the src/api/ or src/services/ directories.
- COMMAND_EXECUTION (MEDIUM): The skill is explicitly granted Bash tool permissions in its metadata. While this is likely intended for development tasks, the presence of shell access in a skill designed to interact with external web content significantly elevates the impact of any potential injection attack.
Recommendations
- AI detected serious security threats
Audit Metadata