generic-fullstack-feature-developer
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
- [PROMPT_INJECTION] (HIGH): Vulnerable to Indirect Prompt Injection.
  1. Ingestion points: external feature requests and refactoring tasks (SKILL.md).
  2. Boundary markers: absent.
  3. Capability inventory: shell execution for database migrations (npx prisma migrate).
  4. Sanitization: absent.
  This allows malicious instructions in feature requests to potentially manipulate the database via the agent.
- [EXTERNAL_DOWNLOADS] (MEDIUM): Recommends the use of 'npx prisma', which downloads and executes code from the npm registry without version pinning. Since Prisma is not in the trusted source list, this constitutes an unverifiable dependency risk.
- [COMMAND_EXECUTION] (MEDIUM): Directs the agent to perform shell-based operations like database migrations and client generation, providing a high-privilege capability that can be abused via indirect prompt injection.
Recommendations
- AI detected serious security threats