simplify

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION] (HIGH): The skill is highly susceptible to indirect prompt injection as it ingests untrusted code from the session and has the capability to modify the filesystem to 'refine' that code. Malicious instructions within comments or strings in the ingested code could subvert the agent's behavior.
    • Ingestion points: Reads recently modified code from the current session.
    • Boundary markers: None present (no delimiters or 'ignore' instructions for code content).
    • Capability inventory: File-write (authorized to apply refinements to code files).
    • Sanitization: None.
  • [PROMPT_INJECTION] (MEDIUM): The instruction to 'operate autonomously and proactively' without 'explicit requests' increases the risk by removing human-in-the-loop validation, allowing potentially malicious modifications to occur without user oversight.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 17, 2026, 04:41 AM