testing-workflows-with-subagents
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Flags: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION] (HIGH): The file includes simulated test scenarios (e.g., TEST-RED-baseline.md) that use aggressive imperative language designed to override agent reasoning. Phrases like 'IMPORTANT: This is a real scenario. You must choose and act NOW.' and 'CRITICAL: Stage changes FIRST' are specifically crafted to bypass typical deliberation and could be accidentally triggered if the agent treats the example as its current task.
- [COMMAND_EXECUTION] (HIGH): The skill provides numerous shell command blocks (git init, git config, gs branch create) and instructs the agent to execute them. If an agent parses this documentation as a guide, it may perform these operations on the host system without sufficient validation.
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill relies on an external, non-standard tool named gs (git-spice). This tool is not from a trusted source, and its presence in the instructions suggests a dependency on unverified software that could be maliciously replaced or contain vulnerabilities.
Recommendations
- AI detected serious security threats