ui-revamp

Fail

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The scripts/report.js utility calls execSync with a shell command string built from the targetPath argument. That argument is taken directly from the command line (process.argv) with no validation or escaping. (Evidence: scripts/report.js line 20: const output = execSync("node ...")).
  • [REMOTE_CODE_EXECUTION]: execSync hands its string to a shell (/bin/sh -c on POSIX), so every shell metacharacter in the interpolated value is interpreted before any program runs. With no sanitization, a path containing shell control characters (e.g. ;, &, or |) terminates the intended command and starts another, allowing arbitrary command execution with the privileges of the user running the script and full compromise of the host environment.
  • [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection because a high-privilege capability (shell execution) is reachable from inputs (file paths) that an agent may take from untrusted external content. Evidence chain: 1. Ingestion points: scripts/report.js and scripts/audit.js (via process.argv). 2. Boundary markers: none. 3. Capability inventory: arbitrary shell execution via execSync and file system access via fs.readFileSync. 4. Sanitization: none.
Recommendations
  • AI detected serious security threats. The findings above point to the standard fix: stop passing the user-controlled path through a shell string. Invoke the child with execFileSync or spawnSync and an argument array (no shell option), and validate targetPath (for example, resolve it and reject anything outside an expected directory) before use, in both scripts/report.js and scripts/audit.js.
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 1, 2026, 09:38 AM