auto-updater
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill ingests 'improvements' and 'findings' from external sources like system-reviewer and manual requests (SKILL.md, Step 1). It lacks explicit boundary markers or sanitization logic for this content. Because the skill possesses high-privilege write and bash execution capabilities, a malicious actor could inject instructions into these source findings to cause the skill to write backdoors or execute arbitrary commands.
- Command Execution (HIGH): The skill is authorized to use 'Bash' and 'Edit' tools (SKILL.md, allowed-tools) to perform bulk updates and validate changes. The workflow (Steps 3 and 4) involves programmatically modifying skill files and running validation tools. In an adversarial context, these capabilities allow an attacker to gain persistent control over other skills in the agent's ecosystem or execute shell commands on the host system.
Recommendations
- AI detected serious security threats
Audit Metadata