orient
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill is designed to ingest and interpret data from untrusted external sources (unfamiliar codebase files). Evidence Chain: 1. Ingestion points: Reads README.md and core files identified during exploration (SKILL.md). 2. Boundary markers: Absent; no instructions are provided to distinguish between codebase data and system instructions. 3. Capability inventory: Enables deep file system exploration and influences downstream 'lead agent' decisions via reporting. 4. Sanitization: Absent; the agent is instructed to 'read and apply' guidance from referenced files without validation.
- Command Execution (MEDIUM): The 'orient' and 'explore' functionality implicitly requires file system navigation (e.g., listing, reading) on untrusted directory structures, which can be exploited if the underlying tools are susceptible to path manipulation or malicious file names.
Recommendations
- AI detected serious security threats
Audit Metadata