Skills
AGENT LAB: SKILLS
skills/yusukebe/hono-skill/hono/Gen Agent Trust Hub

hono

Fail

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: HIGHEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The skill requires or suggests the installation of @hono/cli via npm or npx. While @hono/cli is a standard tool for the Hono framework, the Hono organization is not included in the 'Trusted External Sources' list, making this an unverifiable dependency installation.
  • [PROMPT_INJECTION] (HIGH): High risk of Indirect Prompt Injection due to the combination of external data ingestion and powerful system capabilities.
  • Ingestion points: The skill fetches external data through hono search and hono docs commands (SKILL.md).
  • Boundary markers: There are no boundary markers or instructions to the agent to disregard embedded instructions within documentation.
  • Capability inventory: The skill allows file writing via hono optimize and execution of local application code via hono request (SKILL.md).
  • Sanitization: No sanitization or filtering of external content is specified before the data is processed by the agent.
  • [COMMAND_EXECUTION] (MEDIUM): The skill's primary function involves executing CLI commands. Specifically, hono request dynamically loads and executes logic from local Hono application files, and hono optimize performs file system writes to create bundles.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 15, 2026, 08:05 PM