build
Warn
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: MEDIUM (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [PROMPT_INJECTION]: The skill metadata contains conflicting information regarding authorship. The YAML frontmatter lists 'Shpigford' as the author, whereas the deployment context indicates 'sickn33'. This discrepancy can mislead users regarding the origin and trustworthiness of the skill.
- [PROMPT_INJECTION]: The skill architecture is susceptible to Indirect Prompt Injection.
  - Ingestion points: The agent is instructed to read contents from docs/{name}/ documentation files and web search results across multiple subcommands.
  - Boundary markers: The instructions do not specify delimiters or instructions to treat content from these files or web results as untrusted data.
  - Capability inventory: The skill has access to file read/write operations and command execution (testing code) as part of its core functionality.
  - Sanitization: No sanitization or validation of the ingested external content is performed before it is used to influence the implementation plan or code generation.
- [COMMAND_EXECUTION]: The skill implements a 'phase' subcommand that directs the agent to 'test as you go' while implementing code. This involves the dynamic execution of generated code that may have been influenced by untrusted inputs ingested during the research phase.
Audit Metadata