init
Fail
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: HIGH (COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands to create symbolic links using `ln -s` on Linux/macOS and `New-Item` on Windows.
- [COMMAND_EXECUTION]: The skill requests elevated privileges by explicitly instructing the agent or user to run PowerShell in Administrator mode on Windows.
- [DATA_EXFILTRATION]: The skill's workflow involves scanning root directory configuration files, including `package.json`, `pyproject.toml`, and `go.mod`, to extract technology stack information.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through the processing of untrusted project metadata.
  - Ingestion points: The skill reads `package.json`, `pyproject.toml`, and `go.mod` from the project root.
  - Boundary markers: Absent; there are no delimiters or instructions to ignore instructions embedded within the scanned files.
  - Capability inventory: The skill possesses file system reading capabilities and command execution for creating symlinks.
  - Sanitization: Absent; the skill does not validate or sanitize extracted content before including it in the AGENTS.md documentation.
Recommendations
- AI detected serious security threats
Audit Metadata