production-code-audit
Fail
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: HIGHPROMPT_INJECTIONDATA_EXFILTRATIONCOMMAND_EXECUTIONREMOTE_CODE_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill instructions use directive language to bypass user interaction and safety loops, such as 'Do all of this without asking the user for input'. It also presents an Indirect Prompt Injection surface: 1. Ingestion points: reads every source file in the project (SKILL.md); 2. Boundary markers: Absent; 3. Capability inventory: file modification (strReplace) and command execution (Run all tests); 4. Sanitization: Absent.
- [DATA_EXFILTRATION]: The skill commands the agent to 'read every source file' and 'scan every file in the project recursively' specifically to find 'Hardcoded secrets'. This facilitates unauthorized access to sensitive credentials, API keys, and environment files.
- [COMMAND_EXECUTION]: The requirement to 'Run all tests' necessitates the execution of arbitrary shell commands within the project environment.
- [REMOTE_CODE_EXECUTION]: The skill establishes an autonomous workflow where the agent modifies source code ('strReplace') and then executes that modified code ('Run all tests') without human verification or review.
Recommendations
- AI detected serious security threats
Audit Metadata