athena-work
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its 'zero-instruction' processing model where the data package itself provides the instructions. 1. Ingestion points: The skill extracts and reads multiple files from a user-provided .athenabrief ZIP archive, including brief.md, summaries.json, and reference markdown files. 2. Boundary markers: The skill lacks explicit boundary markers or instructions to disregard embedded commands; it is explicitly directed to use the brief as its primary instruction set. 3. Capability inventory: The skill has access to Bash, Read/Write tools, and can delegate tasks to web search, image generation, and code analysis skills. 4. Sanitization: There is no evidence of sanitization or validation logic to filter out malicious instructions from the processed files.
- [COMMAND_EXECUTION]: The skill employs the Bash tool to extract ZIP archives. Processing untrusted archives presents a potential risk of command injection or directory traversal if the tool does not properly sanitize filenames or paths contained within the ZIP.
Audit Metadata