
npm-proxy

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
  • [Unverifiable Dependencies] (HIGH): The skill relies on 'scripts/npm_client.py' which is not provided in the skill package. This prevents verification of how user inputs are sanitized or how credentials are handled.
  • [Credential Safety] (MEDIUM): The skill requires the user to set 'NPM_PASSWORD' and 'NPM_EMAIL'. Without the client script, it is unclear if these are handled securely or if they could be leaked through error logs or external requests.
  • [Indirect Prompt Injection] (HIGH): Ingestion points: user-provided domain names, host IDs, and forward targets. Boundary markers: none identified. Capability inventory: delete, enable, and disable proxy hosts, and modify SSL certificates via the REST API. Sanitization: unknown, because the client script is missing. Analysis: an attacker could influence the agent through external content to delete critical proxy hosts or redirect traffic by supplying malicious domain configurations.
  • [Command Execution] (MEDIUM): The documentation suggests the agent use 'curl' for complex payloads. If the agent interpolates untrusted data into these shell commands, it could lead to command injection.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 08:38 AM