add-feature
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS/REMOTE_CODE_EXECUTION] (HIGH): The skill directs the agent to fetch a setup guide from a personal GitHub Gist (infomiho) and 'Follow the installation steps in the guide'. These steps typically involve shell commands (e.g., npx, npm install). Because the gist is outside of the trusted organization list, it could be updated to include malicious commands that the agent would then execute on the user's system.
- [PROMPT_INJECTION] (HIGH): This skill is highly susceptible to Indirect Prompt Injection (Category 8). It ingests untrusted external data and uses it to drive agent behavior without boundary markers or sanitization.
  - Ingestion points: styling.md fetches from a raw GitHub Gist; authentication.md and email-provider.md fetch from unspecified 'Wasp docs' URLs.
  - Boundary markers: None. The agent is told to use the raw text as the basis for assisting the user.
  - Capability inventory: The agent is authorized to modify the main.wasp config file and execute installation commands found in the remote documents.
  - Sanitization: None provided. The agent follows the remote instructions directly.
- [COMMAND_EXECUTION] (MEDIUM): The instructions in styling.md and email-provider.md (e.g., 'Follow the installation steps', 'run commands in the guide') explicitly trigger command execution based on content retrieved from the network.
Recommendations
- AI detected serious security threats
Audit Metadata