Skills
skills/sien75/graphicode-skills/graphicode-junior-engineer-ts-state-bun/Gen Agent Trust Hub

graphicode-junior-engineer-ts-state-bun

Pass

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONREMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses shell commands to interact with the project's file system, which could be abused if path variables are not properly constrained.
  • Evidence: Uses cat ./<stateDir>/<stateId>/README.md to read files and echo '...' > ./<stateDir>/<stateId>/index.ts to write code.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes external README files to generate executable code.
  • Ingestion points: Reads content from README.md files specified by user-provided IDs in SKILL.md.
  • Boundary markers: No explicit delimiters or instructions are provided to the model to ignore malicious instructions embedded within the README files.
  • Capability inventory: The skill can read/write to the filesystem and generate code with access to Bun's system-level APIs.
  • Sanitization: There is no evidence of sanitization or validation of the README content before it is used to influence code generation.
  • [REMOTE_CODE_EXECUTION]: The generated code has access to powerful environment capabilities that could be exploited if the code generation logic is subverted.
  • Evidence: references/bun.md identifies that the generated code may use Bun.spawn, Bun.serve, fetch, and bun:ffi, allowing for process execution and network operations.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 14, 2026, 06:44 AM