decision-critic
Fail
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: HIGH
Tags: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- Prompt Injection (HIGH): Documentation in SKILL.md and README.md (e.g., 'IMMEDIATELY invoke', 'Do NOT analyze first') attempts to override the agent's internal reasoning and safety protocols. This is an adversarial pattern designed to stop the LLM from evaluating the command before it runs, so that the shell execution below happens without review.
- Command Execution (HIGH): The command template in SKILL.md ('python3 -m skills.decision_critic.decision_critic --decision ''') is a shell injection vector. Because the user-controlled decision text is interpolated directly into a shell string, an attacker who can place a closing quote followed by shell metacharacters (for example ';' or '$(...)') into the decision text terminates the intended command and executes arbitrary code with the agent's privileges.
- Indirect Prompt Injection (LOW): The skill applies no input sanitization and no boundary markers (e.g., delimiters) when it processes external user data, so instructions embedded in that data cannot be distinguished from the agent's own, and the same unsanitized text is what reaches the shell execution context described above.
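The following is an added illustration of the Command Execution finding, not code from the decision-critic skill or from the audit. It reproduces the flagged pattern (decision text pasted into a single-quoted shell string) beside two fixes, and uses the shell's printf as a harmless stand-in for the real module so the effect is visible without the skill installed. The payload string is constructed for the example.

```python
import shlex
import subprocess

# Harmless stand-in for "python3 -m skills.decision_critic.decision_critic":
# it just prints each argument it receives on its own line.
STAND_IN = "printf '%s\\n'"

# Constructed attacker input: closes the single quote the template wraps the
# decision in, runs an extra command, then reopens a quote so the shell
# string stays syntactically valid.
PAYLOAD = "x'; echo INJECTED; echo '"


def run_unsafe(decision: str) -> str:
    """The pattern the audit flags: decision text interpolated into a shell string."""
    cmd = f"{STAND_IN} --decision '{decision}'"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def run_quoted(decision: str) -> str:
    """Minimal fix if a shell string is unavoidable: quote with shlex.quote()."""
    cmd = f"{STAND_IN} --decision {shlex.quote(decision)}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def safe_argv(decision: str) -> list:
    """Preferred fix: pass an argv list and never invoke a shell at all.

    With shell=False the decision text is delivered to the program as one
    argument, whatever characters it contains.
    """
    return ["python3", "-m", "skills.decision_critic.decision_critic",
            "--decision", decision]


def is_injected(output: str) -> bool:
    """True if the injected 'echo INJECTED' actually ran as its own command."""
    return "INJECTED" in output.splitlines()


if __name__ == "__main__":
    print("unsafe ->", repr(run_unsafe(PAYLOAD)))
    print("quoted ->", repr(run_quoted(PAYLOAD)))
    print("argv   ->", safe_argv(PAYLOAD))
```

Run stand-alone, the unsafe variant prints a bare INJECTED line, proving the shell executed the attacker's command; the quoted variant prints the payload verbatim as the value of --decision. The argv form is the one to adopt: it removes the shell from the path entirely, so quoting mistakes cannot recur.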
Recommendations
- AI detected serious security threats
Audit Metadata