wiring
Pass
Audited by Gen Agent Trust Hub on Jun 9, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface because it is designed to ingest and act upon untrusted data from a user's project (e.g., source code, configuration files).
  - Ingestion points: The skill and its included analysis script (`scripts/check-wiring.mjs`) read project files including `package.json`, `Dockerfile`, and source code files.
  - Boundary markers: The instructions do not explicitly provide delimiters or warnings to ignore malicious instructions embedded in the project files being analyzed, which could lead to an agent following embedded adversarial commands.
  - Capability inventory: The skill is capable of modifying files on the filesystem (via `scripts/check-wiring.mjs` with the `--fix` flag) and is instructed to execute verification commands like `npm install`, `npm run build`, and `npm run dev` (`SKILL.md`).
  - Sanitization: While the included script uses regular expressions for path repairs, it does not validate or sanitize the content of project-defined scripts before the agent is encouraged to run them.
- [COMMAND_EXECUTION]: The skill workflow involves identifying and executing shell commands defined within the configuration of the project being audited.
  - Evidence: The instructions in `SKILL.md` direct the agent to identify the project's "intended run command" (e.g., `npm run dev`) and other verification scripts (e.g., `npm run build`, `npm test`) from the `package.json` file. If an attacker has embedded malicious commands in these scripts, the agent would execute them as part of its standard verification routine.