mdr-745-specialist
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGH
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The 'Tools' section in SKILL.md provides examples of shell commands to run a gap analyzer script: python scripts/mdr_gap_analyzer.py --device "Device Name" --class IIa. If an agent uses these templates to execute the tool, user-provided content for the 'device' parameter could be used to perform command injection (e.g., Device"; touch /tmp/hacked; #).
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill relies on a local script, scripts/mdr_gap_analyzer.py, which is referenced as a primary tool, but its source code is missing from the skill package. This makes the executable logic unverifiable.
- [Indirect Prompt Injection] (HIGH): The skill is designed to process untrusted data (medical device descriptions and names) and use that data to drive a command-line tool.
  - Ingestion points: User input for device name and classification in the MDR Gap Analyzer.
  - Boundary markers: None provided in the command templates.
  - Capability inventory: Shell command execution (python script invocation).
  - Sanitization: None; the documentation suggests direct interpolation of user strings into shell arguments.
Recommendations
- AI detected serious security threats
Audit Metadata