Skills
skills/millionco/skills/budge/Gen Agent Trust Hub

budge

Warn

Audited by Gen Agent Trust Hub on May 10, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill requires the inclusion of an external script from https://www.budge.design/budge.iife.js in the project layout, which executes vendor-provided JavaScript in the user's browser context.\n- [EXTERNAL_DOWNLOADS]: Runtime assets, including the IIFE script and audio feedback samples, are downloaded from budge.design, which is not an established trusted domain.\n- [PROMPT_INJECTION]:\n
  • [Indirect Prompt Injection Surface]: The workflow involves an external script generating a text prompt for the user to paste back to the agent, allowing external influence over agent instructions (Ingestion: clipboard; Boundaries: none; Capabilities: file editing; Sanitization: none).\n
  • [Metadata Poisoning]: The skill contains deceptive instructions in website/AGENTS.md and website/package.json specifying illegitimate versions of core packages (next@16.2.2, react@19.2.4) and commanding the agent to read local documentation paths for instructions, which is a known vector for redirecting agents to malicious instructions.
Audit Metadata
Risk Level
MEDIUM
Analyzed
May 10, 2026, 03:43 AM