dev-scan
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted content from multiple developer communities.\n
- Ingestion points: Data is collected from external sources including Reddit, Hacker News, X, and Dev.to via the scripts in the vendor directory.\n
- Boundary markers: The instructions do not specify the use of delimiters or 'ignore' instructions for the agent when synthesizing collected data, which could lead to the agent following malicious instructions embedded in web content.\n
- Capability inventory: The skill uses bash to execute scripts, writes JSON results to the filesystem, and performs network requests via chromux and Python's urllib.\n
- Sanitization: Basic sanitization like HTML stripping and text truncation is performed, but these measures do not prevent indirect prompt injection attacks.\n- [COMMAND_EXECUTION]: The skill instructs the agent to execute several bash commands to perform dependency checks, manage the chromux browser instance, and run the provided Python and Node.js search utilities.\n- [DATA_EXFILTRATION]: The skill creates and writes data to a directory within the user's home folder ($HOME/.hoyeon/). While used for temporary session storage of results, this involves accessing and writing to the user's personal filesystem space.
Audit Metadata