JArchi Scripting
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [Command Execution] (HIGH): The skill exposes `$.child_process.exec` in `references/api-utilities.md`, allowing the agent to execute arbitrary system commands. This is highly dangerous if model data is used to construct command strings without sanitization.
- [Unverifiable Dependencies & Remote Code Execution] (MEDIUM): The `load()` function in `references/api-utilities.md` enables the dynamic execution of JavaScript files from the filesystem, which can be leveraged for RCE if file paths or content are influenced by untrusted sources.
- [Data Exposure & Exfiltration] (MEDIUM): The skill provides unrestricted file writing via `$.fs.writeFile` in `references/api-utilities.md`, allowing for the potential exfiltration of sensitive model data to arbitrary local or network paths.
- [Indirect Prompt Injection] (HIGH): The skill possesses a significant attack surface for indirect injection.
  - Ingestion points: External ArchiMate models loaded via `$.model.load` (`references/api-model.md`).
  - Boundary markers: Absent; the skill treats all model content as trusted data.
  - Capability inventory: Powerful write and execute operations including `$.child_process.exec` and `$.fs.writeFile`.
  - Sanitization: No validation or escaping is applied to untrusted model data before it is processed by high-privilege functions.
Recommendations
- AI detected serious security threats
Audit Metadata