turbo
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by transforming user-provided 'contract prompts' into executable code through an external LLM.
- Ingestion points: The 'contract prompt' defined in `SKILL.md` is passed to the generation tool.
- Boundary markers: No delimiters or 'ignore' instructions are present to prevent the agent from obeying instructions embedded within the contract prompt data.
- Capability inventory: The skill utilizes the `mcp__speed-run__generate_and_write_files` tool to write directly to the local filesystem and explicitly directs the user to run the generated code.
- Sanitization: There is no evidence of sanitization or validation of the input prompt or the generated output before it is committed to disk.
- [COMMAND_EXECUTION]: The core workflow requires the user to execute a test suite against code that was generated by an external service and written to the local disk. If the generation process is compromised via the input prompt or a model failure, this results in the execution of potentially malicious code on the host system.
Audit Metadata