data-client-rest-setup
Fail
Audited by Gen Agent Trust Hub on May 4, 2026
Risk Level: HIGH
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill's migration guide for Axios (`references/axios-migration.md`) instructs the user to run `npx jscodeshift -t https://dataclient.io/codemods/axios-to-rest.js`. Executing a script directly from a remote URL is a high-risk operation that can lead to arbitrary code execution if the remote source is compromised or malicious.
- [COMMAND_EXECUTION]: The skill requires executing various CLI tools and package managers (`npm`, `yarn`, `pnpm`, `npx`) to install dependencies and perform code transformations.
- [DATA_EXFILTRATION]: Multiple reference files, including `references/RestEndpoint.md`, `references/auth.md`, `references/django.md`, `references/hookifyResource.md`, and `references/resource.md`, use directory traversal (`../../../../docs/`) to reference documentation. This pattern attempts to access files outside the intended skill directory, which is a common indicator of unauthorized file access attempts.
- [PROMPT_INJECTION]: The skill implements an automated migration workflow that ingests and processes untrusted data from the user's codebase.
  - Ingestion points: The skill scans `package.json` and source files (e.g., in `src/`) for library import patterns and dependencies.
  - Boundary markers: The instructions lack markers or safety prompts to prevent the agent from being misled by malicious patterns in the scanned code.
  - Capability inventory: The agent is granted capabilities to install software, execute remote scripts, and modify project files based on the results of the scan.
  - Sanitization: There is no evidence of sanitization for the code snippets or package lists detected during the scan.
Recommendations
- AI detected serious security threats
Audit Metadata