msw-mocking

Fail

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: HIGH (COMMAND_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS)
Full Analysis
  • [DATA_EXFILTRATION] (HIGH): The script scripts/create-msw-handler.md contains a command to scan sensitive environment files: grep -r "API_URL\|VITE_API\|NEXT_PUBLIC_API" .env*. Accessing .env files is a high-risk operation as they often contain secrets, even if the grep is targeting URLs.
  • [COMMAND_EXECUTION] (MEDIUM): The script scripts/create-msw-handler.md uses several shell commands (grep, find, date) to gather project context. While used for automation, these commands provide the agent with deep visibility into the local filesystem and configuration.
  • [EXTERNAL_DOWNLOADS] (LOW): The setup checklist in checklists/msw-setup-checklist.md recommends npx msw init ./public --save, which involves downloading and executing the msw CLI tool. As msw is a trusted package, this is classified as low risk.
  • [REMOTE_CODE_EXECUTION] (LOW): The skill generates TypeScript code handlers based on user input ($ARGUMENTS). While this is the intended purpose, it creates an injection surface where maliciously crafted arguments could influence the generated test code.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 15, 2026, 08:58 PM