d1-swim-recruiting
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill metadata explicitly allows the Bash tool. This provides the agent with the capability to execute arbitrary shell commands on the host environment. Without specific constraints or sandboxing mentioned, this poses a risk of system compromise if the agent is manipulated.
- [PROMPT_INJECTION] (HIGH): The skill is highly vulnerable to Indirect Prompt Injection (Category 8) due to its core functionality.
  - Ingestion points: Data enters the context via discussions on recruitment, tracking rival athletes (e.g., 'Verified Rivals' table), and managing coach outreach logs.
  - Boundary markers: None. There are no delimiters or instructions to ignore embedded commands in the data processed.
  - Capability inventory: The agent has access to Bash (command execution) and Write (file modification).
  - Sanitization: None. The skill does not define any filtering or validation for the data it processes.
- [DATA_EXFILTRATION] (MEDIUM): The skill contains Personally Identifiable Information (PII) including full name, date of birth, and location. While intended for recruitment, the presence of the Bash tool allows for the exfiltration of this data or local environment secrets to an external actor if the agent is compromised through a malicious prompt.
Recommendations
- AI detected serious security threats
Audit Metadata