interview-master
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill's analysis scripts ingest untrusted repository content. * Ingestion points:
analyze-commits.sh,extract-tech-stack.sh, andcalculate-impact.pyread output fromgit log. * Boundary markers: None; untrusted data is processed directly. * Capability inventory: Shell and Python execution of system commands. * Sanitization: None; commit messages are not sanitized. - [Metadata Poisoning] (MEDIUM):
VALIDATION.mdcontains self-referential safety claims and a deceptive checklist that misrepresents file contents (e.g., claiming 2,000+ words for a file that is significantly shorter). It also references a missingSKILL.md. - [Command Execution] (MEDIUM): The scripts execute
gitoperations. This capability can be leveraged to read metadata from sensitive directories like/etcor.sshif the agent is coerced into using those paths.
Recommendations
- AI detected serious security threats
Audit Metadata