Quality Gate Detection
Warn
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions in 'Step 3: Execution (Just-in-Time)' direct the agent to execute shell commands (e.g.,
npm run test,npx jest) derived from externalpackage.jsonfiles without seeking user confirmation or oversight. - [REMOTE_CODE_EXECUTION]: By dynamically formulating and executing commands based on the 'scripts' and 'dependencies' sections of unvalidated project files, the skill creates a direct execution path for arbitrary code provided by a potentially malicious project author.
- [DATA_EXFILTRATION]: Because the skill enables the execution of unvetted local project scripts without human review, it facilitates the potential exfiltration of sensitive data (such as environment variables or SSH keys) if a malicious
package.jsonis processed. - [COMMAND_EXECUTION]: The skill exhibits an indirect prompt injection surface through its ingestion of untrusted data:
- Ingestion points: Project
package.jsonfile (scripts and dependencies sections). - Boundary markers: None; the skill directly incorporates strings from the JSON into shell commands.
- Capability inventory: Subprocess execution of arbitrary shell commands via npm/npx.
- Sanitization: None; the skill does not validate or escape the command strings extracted from the JSON file.
Audit Metadata