avalonia-layout-zafiro

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
  • [Prompt Injection] (HIGH): The skill is vulnerable to Indirect Prompt Injection (Category 8).
      * Ingestion points: The skill instructs the agent to read multiple markdown files (themes.md, containers.md, icons.md, behaviors.md, components.md) and an external project solution at /mnt/fast/Repos/angor/src/Angor/Avalonia/Angor.Avalonia.sln.
      * Boundary markers: Absent. No instructions are provided to the agent to treat content from these external files as untrusted data or to ignore embedded instructions.
      * Capability inventory: The skill enables the use of 'Write' and 'Edit' tools, which provide a direct payload path for any instructions injected via the ingested project data.
      * Sanitization: Absent. There is no requirement for validation or filtering of the content read from the filesystem before the agent processes it.
  • [Command Execution] (LOW): The skill requests access to file manipulation and search tools (Read, Write, Edit, Glob, Grep). While typical for a development-focused skill, these capabilities fulfill the requirement for the 'HIGH' severity tier in Category 8 when combined with the ingestion of untrusted external content.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 08:20 AM