peach-gen-backend

Warn

Audited by Gen Agent Trust Hub on May 12, 2026

Risk Level: MEDIUM (CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill instructions require reading sensitive environment files, specifically api/src/environments/env.local.yml, to extract the DATABASE_URL. This operation exposes database connection strings and potential credentials to the agent context.
  • [COMMAND_EXECUTION]: The skill performs several shell operations on the local system, including cat, ls, grep, and head for reconnaissance, as well as bun test, bun run lint:fixed, and bun run build for verifying generated code.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting content from various local files (SQL schemas, existing DAO/Controller files) to guide code generation. If these files contain malicious instructions, they could influence the agent's output or command execution.
    • Ingestion points: api/src/environments/env.local.yml, api/src/modules/test-data/controller/test-data.controller.ts, api/src/modules/test-data/dao/test-data.dao.ts, api/db/schema/[도메인]/[테이블].sql.
    • Boundary markers: Not explicitly defined in instructions when reading these files.
    • Capability inventory: Shell execution (bun test, bun run), file system reading (cat, head).
    • Sanitization: No evidence of input validation or sanitization before processing file content.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 12, 2026, 12:12 PM