context-hub
Warn
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill initiates the global installation of the `@aisuite/chub` package via NPM. This dependency is unversioned and originates from a third-party scope.
- [COMMAND_EXECUTION]: The skill executes several automated shell commands to manage environment state and documentation:
- Global software installation using `npm install -g @aisuite/chub`.
- Repository management tasks including `git fetch`, `git pull --rebase`, and `git stash` are mandated before editing files.
- Active use of the `chub` CLI tool for searching and fetching data from an external registry.
- [PROMPT_INJECTION]: The skill structure exhibits a significant surface for indirect prompt injection:
- Ingestion points: External documentation fetched at runtime from the `chub` registry (identified in SKILL.md).
- Boundary markers: Absent. The skill does not provide delimiters or warnings to the agent to help it distinguish between legitimate documentation and malicious instructions embedded within the documentation content.
- Capability inventory: The agent has the authority to modify the local codebase, install packages, and synchronize with remote git repositories, providing a high-impact target for successful injection.
- Sanitization: There is no evidence of validation or filtering applied to the documentation content before it is processed by the agent.
- Adversarial Pattern: The instructions specifically command the agent to "Implement from fetched docs only" and "fetch first, code second," which increases the risk of the agent accidentally executing instructions hidden in the documentation.
Audit Metadata