review-workflow

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION] (HIGH): This skill is highly susceptible to Indirect Prompt Injection (Category 8). It is designed to ingest and process external 'skills' (Ingestion points) which are untrusted data. It possesses 'High' tier capabilities including 'Bash', 'Write', and 'Edit' (Capability inventory). There are no defined boundary markers or sanitization procedures mentioned to prevent the agent from executing instructions embedded within the skill it is reviewing, especially during 'Step 3: Functional Testing'.
  • [COMMAND_EXECUTION] (MEDIUM): The skill explicitly enables 'Bash' and 'Edit' tools. This grants the agent the ability to execute arbitrary commands and modify files, which, when combined with the processing of untrusted external content, creates a significant risk of unauthorized system modification or code execution.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 07:20 AM