Checks: Pass
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses dynamic context injection (the `!` command syntax) in SKILL.md to execute a shell command at load time. This command reads 'package.json' and uses a Python one-liner to parse and return the 'scripts' object to the agent context.
- [COMMAND_EXECUTION]: The skill workflow involves executing shell commands via 'npm run' (e.g., lint-fix, lint, test). These commands are sourced from the local project configuration.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it executes scripts defined in the 'package.json' file, which could be modified by an attacker in a collaborative environment (e.g., via a malicious Pull Request).
- Ingestion points: package.json (referenced in SKILL.md and read during workflow).
- Boundary markers: Absent; there are no instructions to verify the integrity or safety of the scripts before execution.
- Capability inventory: Local shell command execution via npm.
- Sanitization: Absent; the skill assumes the scripts in the local configuration are safe to run.
Audit Metadata