verification-loop
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGHCOMMAND_EXECUTIONREMOTE_CODE_EXECUTION
Full Analysis
- [Command Execution] (HIGH): The skill executes arbitrary shell commands retrieved from project manifest files (e.g.,
npm run build,pytest). If the agent is used to analyze or 'verify' a malicious repository, an attacker can embed destructive commands within these configuration files which the skill will then execute on the host system. - [Indirect Prompt Injection] (HIGH):
- Ingestion points: The skill reads
package.json,pyproject.toml,Cargo.toml, and various linter/type-check configurations. - Boundary markers: Absent. There are no mechanisms to prevent the execution of embedded instructions found within the project data.
- Capability inventory: Full subprocess execution for
npm,uv,python,cargo, and several security scanners across all supported languages. - Sanitization: None. The skill implicitly trusts the 'scripts' and 'commands' defined in the project structure.
- [Dynamic Execution] (MEDIUM): The logic dynamically constructs command strings based on detected project types and configuration presence, increasing the risk of command injection if file names or script names are manipulated.
Recommendations
- AI detected serious security threats
Audit Metadata