clean-code
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH (COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill mandates the execution of multiple shell commands (e.g., python .agent/skills/.../scripts/ux_audit.py .) across various categories. These instructions assume the agent has command-line execution privileges not explicitly declared in the frontmatter's allowed-tools.
- [REMOTE_CODE_EXECUTION] (HIGH): The skill directs the execution of external Python scripts located in the .agent/skills/ directory tree. Since these scripts are not packaged with the skill itself and reside in sibling directories, they constitute unverified code execution. An attacker could place malicious scripts in those paths to achieve code execution when the agent attempts to 'verify' its work.
- [PROMPT_INJECTION] (HIGH): The 'AI Coding Style' section contains the instruction: 'User reports bug | Fix it, don't explain'. This is a direct command to bypass transparency protocols, potentially allowing the agent to introduce or hide malicious code changes without the user's knowledge or consent.
- [PROMPT_INJECTION] (MEDIUM): The skill uses high-priority markers such as priority: CRITICAL, 🔴 CRITICAL, and MANDATORY to override the agent's default decision-making logic and force the execution of the verification scripts.
- [DATA_EXPOSURE] (LOW): While not explicitly exfiltrating data, the mandated verification scripts take the entire directory (.) as an argument, potentially exposing sensitive project files to unverified script logic.
Recommendations
- AI detected serious security threats
Audit Metadata