resource-design
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
DATA_EXFILTRATION, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill defines a vulnerability surface where untrusted data is processed to perform sensitive operations.
  - Ingestion points: URI parameters such as `filename` in Template E (src/resources/(files)/[filename]/content.ts) are used to construct file paths.
  - Boundary markers: No delimiters or instructions are provided to the agent to treat this data as purely literal or to ignore embedded instructions.
  - Capability inventory: The templates use `fs/promises.readFile` for file access and reference external data fetching via placeholders.
  - Sanitization: Template E lacks sanitization to prevent directory traversal (e.g., checking for `..` in the `filename`). While 'Best Practices' suggests Zod for validation, the specific example provided is vulnerable to path traversal if used as-is.
- [Command Execution] (LOW): The skill suggests the user execute `pnpm build` to verify the generated code, which is standard for the development workflow described but remains an execution of local commands.
Audit Metadata