skills/bfollington/terma/ideate/Gen Agent Trust Hub

ideate

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Category: PROMPT_INJECTION
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The skill interpolates user-controlled data ($ARGUMENTS) directly into instructions for a subagent or Task() component.
      • Ingestion points: $ARGUMENTS in SKILL.md.
      • Boundary markers: Absent; user input is not delimited from the system instructions (e.g., using XML tags or clear delimiters).
      • Capability inventory: Mentions subagent and Task(), which are high-privilege agentic capabilities that can execute further actions.
      • Sanitization: No sanitization or filtering of the $ARGUMENTS variable is performed before it is used in the prompt.
  • [Insecure File Reference] (LOW): The skill uses a relative path with parent-directory traversal (@../../lib/ideate.md) to pull in external guidance. While this is likely a local library, the pattern allows the agent to read context from outside its own directory structure.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 09:43 AM