spool
Fail
Audited by Gen Agent Trust Hub on Feb 13, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [Privilege Escalation] (HIGH): The skill documentation requires the use of 'sudo' to install 'xvfb' and modify system-level service configuration files in '/etc/systemd/system/'. This allows for significant system-level changes and potential privilege escalation if automated by an agent.\n- [Indirect Prompt Injection] (HIGH): The skill ingests untrusted data from Threads.net and maintains the capability to post and reply, which is a high-risk configuration for indirect prompt injection.\n
- Ingestion points: The skill uses 'browser action=snapshot' on 'threads.net' (SKILL.md) to ingest web content.\n
- Boundary markers: There are no markers or instructions to isolate external content from the prompt.\n
- Capability inventory: The agent can post, reply, and search using 'browser action=act' (SKILL.md).\n
- Sanitization: No sanitization or filtering logic is present for external content.
Recommendations
- AI detected serious security threats
Audit Metadata