docs-seeker
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: COMMAND_EXECUTION, PROMPT_INJECTION, CREDENTIALS_UNSAFE
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill instructs the agent to execute shell commands such as `node scripts/detect-topic.js "<user query>"`. This pattern is directly vulnerable to command injection if the query contains shell metacharacters (e.g., `"; rm -rf / #`), allowing arbitrary code execution on the host system.
- [PROMPT_INJECTION] (HIGH): Indirect prompt injection vulnerability (Category 8).
  - Ingestion points: The skill fetches `llms.txt` files from external, untrusted sources (context7.com).
  - Boundary markers: None identified; content is passed directly to analysis scripts.
  - Capability inventory: Script results determine "agent distribution strategies", which can influence the agent's subsequent tool use and deployment logic.
  - Sanitization: Absent. A malicious documentation provider can embed instructions in `llms.txt` to hijack the agent's logic or trigger exfiltration.
- [CREDENTIALS_UNSAFE] (MEDIUM): The skill is configured to load `.env` files from parent directories (e.g., `.factory/.env`). This violates the principle of least privilege and may expose global secrets or credentials from other skills to this skill's scripts.
Recommendations
- AI detected serious security threats
Audit Metadata