senior-fullstack
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
NO_CODE, COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [NO_CODE] (HIGH): The core logic of the skill resides in the scripts/ and references/ directories, which are completely missing. This makes it impossible to verify the safety of fullstack_scaffolder.py, project_scaffolder.py, or code_quality_analyzer.py before they are executed on the host system.
- [PROMPT_INJECTION] (HIGH): The skill is susceptible to Indirect Prompt Injection (Category 8) due to its design for analyzing external codebases.
  - Ingestion points: The skill reads user-supplied project paths and files for analysis (scripts/project_scaffolder.py <target-path>).
  - Boundary markers: None. There are no instructions to the agent to treat content within the scanned directories as untrusted or to ignore embedded instructions in analyzed code.
  - Capability inventory: The skill allows for Python script execution, environment variable manipulation (cp .env.example .env), and infrastructure deployment (docker build, kubectl apply).
  - Sanitization: No sanitization or safety-wrapping logic is described for handling external file content.
- [COMMAND_EXECUTION] (HIGH): The skill facilitates the execution of arbitrary Python scripts provided within the skill's own directory and shell commands for deployment and package management. Without the script contents, these represent an unverified execution risk.
- [EXTERNAL_DOWNLOADS] (MEDIUM): Instructions include npm install and pip install -r requirements.txt. These commands pull code from external registries (npm, PyPI) without provided lockfiles or manifests, posing a risk of dependency confusion or supply chain attacks.
Recommendations
- AI detected serious security threats
Audit Metadata