feature-dev-complete
Fail
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: HIGH
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill takes user input via the feature_spec parameter and interpolates it directly into prompts for Gemini and Codex. This creates a surface for prompt injection where malicious input could override agent instructions. The skill also feeds untrusted data from web searches and existing codebase files to the code generation model (Codex) as context, without boundary markers or sanitization. Ingestion points: target_directory (local code) and research.md (web search results). Boundary markers: absent in the prompts provided to codex and gemini. Capability inventory: codex --full-auto (code generation), cp (filesystem writes), gh pr create (repository updates). Sanitization: none detected.
- [COMMAND_EXECUTION]: The execution flow uses several command-line tools, including npx, gh, gemini, and codex. Using npx to run claude-flow utilities downloads and executes code from the NPM registry at runtime. Standard tools such as git, jq, and awk are also used to manipulate local files and repository state.
- [REMOTE_CODE_EXECUTION]: The skill automates the promotion of AI-generated code to a Pull Request. The codex --full-auto command generates implementation files, which are then copied into the source directory and committed to the repository. Although a security scan is performed, there is no mandatory human review step before the code is committed to a PR, which is a significant risk to supply chain integrity.
- [DATA_EXFILTRATION]: The script invokes the gemini tool with the --files flag targeting the target_directory. This transmits the contents of the local codebase to an external API for analysis, which may expose proprietary logic or sensitive comments.
- [EXTERNAL_DOWNLOADS]: The skill uses npx to fetch and run several tools from the claude-flow suite. This introduces a dependency on the availability and integrity of these packages in the NPM registry. While these appear to be vendor-provided resources, executing remote code at runtime remains a critical security consideration.
Recommendations
- AI detected serious security threats
Audit Metadata