block-discovery-agent
Fail
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: HIGH (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS] (HIGH): The skill frequently invokes npx derived-cli@latest. This command downloads and executes a package from a public registry that is not associated with a trusted organization. This poses a significant supply chain risk as the package could be compromised or replaced with a malicious version.
- [COMMAND_EXECUTION] (HIGH): The skill is designed to run shell commands to initialize projects and list categories. This capability can be abused if the inputs to these commands (like project-slug or category-name) are not properly sanitized or if the CLI tool itself is malicious.
- [PROMPT_INJECTION] (LOW): The skill performs repository-wide file discovery and uses that content to populate Linear issues (Category 8). It lacks boundary markers to protect against malicious instructions embedded in the source code it parses.
  - Ingestion points: Repository source paths and file content during the 'Discover reusable source paths' step in SKILL.md.
  - Boundary markers: None. The skill does not use delimiters or instructions to ignore potential prompts within the codebase.
  - Capability inventory: Execution of shell commands (npx) and creation of issues via the Linear MCP.
  - Sanitization: None. The skill interpolates raw repository strings directly into the Linear issue markdown template.
Recommendations
- AI detected serious security threats
Audit Metadata