web-interface-guidelines
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH (PROMPT_INJECTION)
Full Analysis
- PROMPT_INJECTION (HIGH): The skill is vulnerable to Indirect Prompt Injection (Category 8).
  1. Ingestion points: The skill processes external code files provided via the $ARGUMENTS variable.
  2. Boundary markers: There are no instructions to the agent to distinguish between its own guidelines and instructions that might be embedded in the code being analyzed.
  3. Capability inventory: The skill specifically instructs the agent to 'offer to fix the issues directly,' which grants it the capability to write or modify files on the host system.
  4. Sanitization: There is no evidence of sanitization or safety checks performed on the external content before processing.
  This combination allows an attacker to hide malicious prompts in a UI file that, when reviewed, could trick the agent into performing unauthorized file modifications.
Recommendations
- AI detected serious security threats
Audit Metadata