app-builder
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- PROMPT_INJECTION (HIGH): The skill is designed to process natural language requests from users to generate and execute code. This creates a significant Indirect Prompt Injection surface where an attacker can embed malicious instructions within an 'app request' to manipulate the agent's behavior.
- Ingestion points: User input via 'natural language requests' described in the Orchestrator logic.
- Boundary markers: Absent. There are no instructions to delimit user input or ignore embedded commands.
- Capability inventory: High-privilege access including Bash (shell execution), Write/Edit (filesystem modification), and Agent (triggering further automated tasks).
- Sanitization: Absent. The skill lacks validation or filtering logic for the input it processes.
- COMMAND_EXECUTION (HIGH): The skill explicitly allows the Bash tool. In the context of an orchestrator that translates user requests into executable actions, this allows for arbitrary command execution if the agent is misled by a malicious prompt.
Recommendations
- AI detected serious security threats
Audit Metadata