frontend-specialist

Warn

Audited by Gen Agent Trust Hub on Mar 16, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The scripts 'references/domains/artifact-engineering/scripts/init-artifact.sh' and 'bundle-artifact.sh' perform system-level operations including global package installation ('npm install -g pnpm') and project scaffolding via 'pnpm create'. A command injection vulnerability exists in 'init-artifact.sh' where the 'PROJECT_NAME' variable is interpolated directly into a 'sed' command string ('s/.*</title>/'"$PROJECT_NAME"'</title>/') without sanitization. This allows an attacker to manipulate the 'index.html' file content or potentially cause 'sed' execution errors by providing a project name with embedded delimiters or malicious characters.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface in 'references/domains/artifact-engineering/scripts/init-artifact.sh'. Ingestion point: PROJECT_NAME variable ($1). Boundary markers: Absent. Capability inventory: The script can modify files ('sed', 'node', 'cat') and install software ('npm', 'pnpm'). Sanitization: Absent. This surface allows untrusted user input to influence sensitive file-writing operations and command arguments.
  • [EXTERNAL_DOWNLOADS]: The initialization scripts download and install numerous third-party dependencies from the NPM registry at runtime. While the tools themselves are standard (Vite, Tailwind, etc.), the dynamic installation of many packages from an external registry increases the attack surface.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 16, 2026, 02:05 AM