robel-auth
Pass
Audited by Gen Agent Trust Hub on Jun 23, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill uses a bash script (
scripts/check-upstream.sh) to download markdown files and documentation from external GitHub repositories (robelest/convex-authandget-convex/self-hosting) to the/tmpdirectory. - [PROMPT_INJECTION]: Indirect Prompt Injection Surface detected.
- Ingestion points: The agent is instructed to fetch and read external content from GitHub (e.g.,
README.md,INTEGRATION.md) and the websiteauth.estifanos.comto guide its implementation steps. - Boundary markers: No delimiters or safety warnings are provided to help the agent distinguish between its core instructions and potentially malicious instructions embedded in the external content.
- Capability inventory: The skill allows for file system modifications (writing authentication and configuration code) and shell command execution (installing packages via npm and executing local scripts).
- Sanitization: External content is processed and acted upon without validation or sanitization, allowing the source content to influence the agent's generated code or commands.
- [COMMAND_EXECUTION]: The skill executes shell commands for environment discovery and setup.
- Runs a local bash script to perform upstream checks.
- Uses
npm viewandnpm install(including direct GitHub repository installations) to manage dependencies. - Uses
lsandcatto inspect the contents ofnode_modulesfor API verification.
Audit Metadata