security-review
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Tags: PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill is designed to ingest and analyze untrusted external data (source code from the local workspace) while possessing high-privilege capabilities that can modify the system or execute commands.
  - Ingestion points: The skill utilizes the Read, Grep, and Glob tools to pull file contents into the agent's context for review.
  - Boundary markers: Absent. There are no instructions or markers defined to help the agent distinguish between its own instructions and potentially malicious instructions embedded in the code being audited.
  - Capability inventory: The agent is granted Bash, Write, Edit, and Task capabilities, which allow for arbitrary command execution and filesystem modification.
  - Sanitization: Absent. Source code is ingested and processed as raw text without validation or escaping.
- [External Downloads] (MEDIUM): The workflow recommends the use of dotnet outdated, which is a third-party community tool for .NET. This creates a dependency on unverified external code that may be downloaded and executed if not already present.
- [Command Execution] (LOW): The skill relies on Bash and Grep for searching through directories. While intended for auditing, these tools provide broad access to the host environment and file metadata.
Recommendations
- AI detected serious security threats
Audit Metadata