test-cases
Skill path: skills/cexll/myclaude/test-cases

Audit result: Fail

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: HIGH
Category: PROMPT_INJECTION
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill's core workflow involves reading external, potentially untrusted content (PRDs) and then performing file system operations.
  • Ingestion points: Step 1 in SKILL.md explicitly instructs the agent to use the Read tool to ingest PRD files provided by the user.
  • Boundary markers: There are no instructions in the skill to treat the content of the PRD as data rather than instructions. It lacks delimiters (e.g., XML tags or triple quotes) or 'ignore embedded instructions' warnings.
  • Capability inventory: The skill uses the Write tool in Step 6 to create markdown files in the tests/ directory. While restricted to a specific directory, an attacker-controlled PRD could attempt to influence the content or path of the output via path traversal or payload injection.
  • Sanitization: No sanitization or validation of the PRD content is mentioned before it is processed by the agent's reasoning engine.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 15, 2026, 10:20 PM