skills/vamdawn/ai-forge/e2e-find/Gen Agent Trust Hub

e2e-find

Warn

Audited by Gen Agent Trust Hub on Mar 28, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill discovers and executes shell commands from the project's configuration files, such as 'package.json', 'Makefile', or 'docker-compose.yml', to start the web service (Step 3). This could lead to arbitrary command execution if the repository contains malicious scripts.
  • [REMOTE_CODE_EXECUTION]: By instructing the agent to run scripts derived from the local environment's files, the skill facilitates the execution of logic that is not part of the skill's own code.
  • [PROMPT_INJECTION]: The skill reads and processes untrusted data from the user's repository, including source code, READMEs, and config files, to infer user flows. This creates a surface for indirect prompt injection where hidden instructions in the code could attempt to manipulate the agent's behavior.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 28, 2026, 08:30 AM