se-dev-plugin

Fail

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: HIGH (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The Prepare.bat script downloads a busybox.exe binary from https://frippery.org/files/busybox/busybox64u.exe, which is an external domain not included in the trusted vendors or well-known services list.
  • [EXTERNAL_DOWNLOADS]: The download_plugin_source.py script facilitates the download of arbitrary source code ZIP files from user-specified GitHub repositories, which are then extracted and indexed locally.
  • [COMMAND_EXECUTION]: The skill allows the execution of dotnet build for compiling C# code at runtime, and it executes several Python scripts that perform file system and network operations.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface (Category 8) by ingesting untrusted C# source code from external GitHub repositories into the agent's context.
      1. Ingestion points: The PluginSources/ directory populated via GitHub downloads.
      2. Boundary markers: Absent for search results and code analysis.
      3. Capability inventory: High, including dotnet build, uv run for script execution, and busybox for arbitrary shell commands.
      4. Sanitization: No validation or sanitization is performed on the downloaded code before it is indexed or analyzed by the agent.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 6, 2026, 10:24 AM