fluent-assertions
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill creates a vulnerability by instructing the agent to ingest external data while possessing high-privilege capabilities.
- Ingestion points: Data returned from
mcp__context7__query-docs(external documentation/web content). - Boundary markers: Absent. There are no instructions for the agent to treat fetched documentation as data rather than instructions, nor are there delimiters specified for external content.
- Capability inventory: The skill allows the use of
Bash,Edit, andWritetools. This allows the agent to execute shell commands and modify the local filesystem. - Sanitization: Absent. The skill does not provide mechanisms to validate, filter, or sanitize the content retrieved via the documentation tools.
- Risk: An attacker who controls a documentation source (or performs a man-in-the-middle/poisoning attack on the repository/website) could embed instructions within the text that the agent might obey, leading to unauthorized command execution or file modification.
Recommendations
- AI detected serious security threats
Audit Metadata