m11-ecosystem
Warn
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses a shell command instruction in SKILL.md:
  grep -A 100 '^\[dependencies\]' Cargo.toml 2>/dev/null | head -30 || echo "No Cargo.toml found"
  This pattern allows the agent to execute shell utilities and interact with the host filesystem to inject file contents into its runtime context.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its ingestion of local file data.
  - Ingestion points: The skill reads the contents of the project's Cargo.toml file.
  - Boundary markers: No delimiters or warnings are used to separate the injected file content from the agent's instructions.
  - Capability inventory: The skill possesses the ability to execute shell commands (grep, head) and process the resulting output as context.
  - Sanitization: No validation, escaping, or filtering is performed on the data retrieved from the filesystem before it is processed by the model.
Audit Metadata