monthly-review
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill ingests untrusted content from local project files and git history and possesses file-writing capabilities, meeting the criteria for a HIGH-tier vulnerability surface.
- Ingestion points: Processes content from
.research/project_telos.md,.research/phase_checklist.md,.research/logs/weekly/*.md, and the Git log. - Boundary markers: Absent; there are no delimiters or instructions to ignore embedded commands within the ingested files.
- Capability inventory: The skill has the capability to write new markdown files to the local file system (
.research/logs/monthly/). - Sanitization: None; external content is interpolated directly into the reasoning process and output generation.
- Command Execution (LOW): The skill requires the agent to execute a shell command (
git log) to gather project context. While routine, this is a subprocess call that operates on the local repository.
Recommendations
- AI detected serious security threats
Audit Metadata