
hono

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION, REMOTE_CODE_EXECUTION

Full Analysis
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The skill installs and uses @hono/cli and create-hono. These packages belong to the honojs organization, which is not included in the trusted source whitelist.
  • [PROMPT_INJECTION] (MEDIUM): Indirect Prompt Injection surface detected. The skill uses hono docs and hono search to fetch external content that guides agent behavior.
      • Ingestion points: Remote documentation from hono.dev and local project files (src/index.ts).
      • Boundary markers: No boundary markers or instructions are provided to distinguish between documentation content and system directives.
      • Capability inventory: Shell command execution via hono serve, hono request, and hono optimize.
      • Sanitization: There is no evidence of sanitization or filtering of fetched documentation content.
  • [COMMAND_EXECUTION] (MEDIUM): Commands like hono serve and hono request execute the user's application code. This represents a capability that could be abused if the agent is influenced by malicious instructions to modify the project code prior to execution.
  • [REMOTE_CODE_EXECUTION] (MEDIUM): The skill recommends using deno run -A npm:create-hono for project initialization. The -A flag grants the remote script full system access, posing a risk if the upstream package is compromised.

Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 16, 2026, 05:28 AM