interview

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (PROMPT_INJECTION, EXTERNAL_DOWNLOADS)
Full Analysis
  • PROMPT_INJECTION (HIGH): The skill is highly susceptible to Indirect Prompt Injection (Category 8).
      • Ingestion points: The skill reads the local codebase to 'understand existing patterns' and ingests content from external sources via exa and web search.
      • Boundary markers: Absent. The skill does not use delimiters or instructions to ignore embedded commands in the files it reads.
      • Capability inventory: Possesses tool access to read files, perform network searches, and create tasks via TodoWrite.
      • Sanitization: None present; external content is processed directly to inform the agent's logic.
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill relies on external MCP dependencies context7 and exa. These are not included in the 'trusted source' scope and represent unverifiable third-party code that could execute logic or retrieve data outside of the immediate skill environment.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 01:04 PM