css-token-use-validator

Fail

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The findFiles function in scripts/validator.js contains a command injection vulnerability. It uses child_process.execSync to run a bash command where the file search pattern is directly interpolated into the command string (bash -c '... for f in ${pattern}; do echo "$f"; done'). This allows arbitrary command execution if a user or the agent provides a pattern containing shell metacharacters such as semicolons or backticks.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes CSS files from the local environment and reports findings back to the agent without sanitization.
      • Ingestion points: CSS files are read and parsed for custom property names in scripts/validator.js.
      • Boundary markers: Absent. The script output does not use delimiters or warnings to separate extracted content from instructions.
      • Capability inventory: The skill can execute shell commands (via the command execution flaw) and read arbitrary files via its scripts.
      • Sanitization: None. The property names extracted from the CSS files are reported directly to the agent's context.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: May 18, 2026, 05:42 AM