zeroize-audit
Warn
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: MEDIUM
Flags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION, REMOTE_CODE_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill downloads and executes the Serena MCP server from an untrusted GitHub repository (github.com/oraios/serena) using uvx. This represents a dependency on an unverified third-party source.
- [COMMAND_EXECUTION]: The analysis process automatically compiles and runs proof-of-concept (PoC) code that incorporates and links against the codebase being audited. If the target codebase contains malicious code (e.g., in headers or static initializers), it will be executed on the host system during the validation phase.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes comments, symbols, and metadata from the audited repository. Maliciously crafted content in the analyzed code could potentially influence the AI agent's logic, conclusions, or interactions with the user.
- [REMOTE_CODE_EXECUTION]: The execution of the Serena tool via uvx from a remote repository constitutes dynamic execution of remote code from an untrusted source.