frontend-inferencer
Warn
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill configuration in SKILL.md defines a PostToolUse hook that triggers upon use of the 'Read' tool. This hook executes a shell script located at '../../../hooks/skills/post_output_validation_hook.sh', which utilizes relative path traversal to run a command outside the skill's primary directory.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its processing of untrusted data from external sources.
  - Ingestion points: The skill ingests 'javascript_signals', 'html_signals', and 'http_signals' which are collected from external websites.
  - Boundary markers: The skill definition lacks boundary markers or instructions to ignore potential commands embedded within the processed web data.
  - Capability inventory: The skill has access to the 'Read' and 'Grep' tools and the ability to execute shell scripts via configured hooks.
  - Sanitization: No input validation or sanitization logic is described for the incoming web signals before they are passed to the inference logic.