backend-architect
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (HIGH): The skill is vulnerable to Indirect Prompt Injection (Category 8) due to its core function of processing untrusted external data with high-privilege tools. * Evidence: 1. Ingestion points: The agent reads source code and analysis files using
Read,Grep, andGlob, and reviews changes viagit diff. 2. Boundary markers: Completely absent; there are no instructions for the agent to distinguish between its own logic and instructions found within the data it analyzes. 3. Capability inventory: The skill has access toBash, allowing arbitrary command execution. 4. Sanitization: None; external content is processed without filtering. - COMMAND_EXECUTION (MEDIUM): The inclusion of
Bashinallowed-toolsprovides a broad attack surface. While intended for development tasks, it can be exploited to run any command if the agent is manipulated by malicious input from the files it reviews.
Recommendations
- AI detected serious security threats
Audit Metadata