frontend-mix-explore
Fail
Audited by Gen Agent Trust Hub on Jun 20, 2026
Risk Level: HIGHCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill instructions explicitly direct the agent to check for the presence of
.envand.env.localfiles and report on which variables are defined. These files are standard locations for storing sensitive credentials, API keys, and database tokens. Accessing and summarizing their content exposes potentially sensitive secrets to the AI model's context and any generated artifact files. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and processes untrusted data from external spec files or free-form descriptions provided via
$ARGUMENTS. - Ingestion points: The agent is instructed to use the
Readtool on absolute paths provided by the user or to treat free-form text as a specification (SKILL.md, Step 1). - Boundary markers: There are no instructions to use delimiters or ignore embedded instructions when reading these external files or descriptions.
- Capability inventory: The skill has access to powerful tools including
Read,Glob,Grep, andBash(SKILL.md, Step 3), which could be abused if the agent follows instructions hidden within a malicious spec file. - Sanitization: No content validation or sanitization steps are defined before the agent summarizes the input or uses it to derive a "run-name" slug.
Recommendations
- AI detected serious security threats
Audit Metadata