Oathe Security Badge

Is awesome_agent_skills/fullstack-developer safe?

https://github.com/Shubhamsaboo/awesome-llm-apps/tree/main/awesome_agent_skills/fullstack-developer

Score: 95 · SAFE

This full-stack developer skill provides legitimate web development guidance with comprehensive examples for React, Node.js, and database integration. The skill content is educational and stays within its stated domain, with no evidence of malicious prompt injection or code execution attempts.

Category Scores

Prompt Injection 100/100 · 30%
Data Exfiltration 90/100 · 25%
Code Execution 100/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 90/100 · 10%
Behavioral Reasoning 90/100 · 5%

Findings (2)

MEDIUM Canary files accessed during installation -10

Multiple sensitive honeypot files were accessed during skill installation, including .env, SSH keys, AWS credentials, .npmrc, Docker config, and GCloud credentials. While no modifications were made, this indicates unexpected file system access during what should be a simple markdown file installation.

LOW Code examples contain sensitive data patterns -10

The skill provides legitimate web development examples that include environment variables, database credentials, and API configurations. While educationally appropriate, these patterns could be misused if users don't follow security best practices when implementing the examples.