magicpath
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFE
Tags: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to download and execute code using `npx magicpath-ai` and the `magicpath-ai add` command, which fetches UI components and their dependencies from the npm registry and MagicPath servers.
- [REMOTE_CODE_EXECUTION]: The `magicpath-ai add` command installs React/TypeScript components and potentially new npm dependencies into the local project environment at `src/components/magicpath/`.
- [DYNAMIC_CONTEXT_INJECTION]: The skill uses the `!command` syntax in `SKILL.md` to execute `magicpath-ai info --json` at skill load time to provide the agent with immediate project and authentication context. This is used for discovery and is limited to the vendor's own CLI tool.
- [INDIRECT_PROMPT_INJECTION]: The skill processes theme definitions from the MagicPath API which include a `prompt` field containing natural-language styling instructions. The agent is explicitly instructed to follow these instructions when adapting components, creating a vulnerability surface for indirect prompt injection.
  - Ingestion points: Theme definitions fetched via `magicpath-ai get-theme <id-or-name> -o json` and component source code from `magicpath-ai inspect <generatedName> -o json`.
  - Boundary markers: None. There are no delimiters or instructions provided to the agent to disregard malicious commands embedded in the theme instructions or component source code.
  - Capability inventory: The agent has access to `Bash(magicpath-ai *)` for network and CLI operations, as well as the ability to read and modify local project files.
  - Sanitization: None. The instructions do not mention validating or sanitizing the input from the `prompt` field or component source before processing.
- [COMMAND_EXECUTION]: The skill relies on the execution of the `magicpath-ai` CLI tool for all core functionalities, including searching, inspecting, and installing components.
Audit Metadata