skills/waynesutton/finder9/robel-auth/Gen Agent Trust Hub

robel-auth

Pass

Audited by Gen Agent Trust Hub on Jun 23, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill uses a bash script (scripts/check-upstream.sh) to download markdown files and documentation from external GitHub repositories (robelest/convex-auth and get-convex/self-hosting) to the /tmp directory.
  • [PROMPT_INJECTION]: Indirect Prompt Injection Surface detected.
  • Ingestion points: The agent is instructed to fetch and read external content from GitHub (e.g., README.md, INTEGRATION.md) and the website auth.estifanos.com to guide its implementation steps.
  • Boundary markers: No delimiters or safety warnings are provided to help the agent distinguish between its core instructions and potentially malicious instructions embedded in the external content.
  • Capability inventory: The skill allows for file system modifications (writing authentication and configuration code) and shell command execution (installing packages via npm and executing local scripts).
  • Sanitization: External content is processed and acted upon without validation or sanitization, allowing the source content to influence the agent's generated code or commands.
  • [COMMAND_EXECUTION]: The skill executes shell commands for environment discovery and setup.
  • Runs a local bash script to perform upstream checks.
  • Uses npm view and npm install (including direct GitHub repository installations) to manage dependencies.
  • Uses ls and cat to inspect the contents of node_modules for API verification.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 23, 2026, 11:45 AM
Security Audit — agent-trust-hub — robel-auth