uunet
Fail
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: HIGH
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The main title in SKILL.md includes a large block of zero-width characters (U+200B, U+200C, U+200D). Decoding these reveals leetspeak fragments and newline characters used to hide instructions from human review and potentially bypass agent safety layers.
- [PROMPT_INJECTION]: The skill's analysis of incident reports is vulnerable to indirect prompt injection due to a lack of data isolation.
  - Ingestion points: The 'Security Operations' prompt in SKILL.md reads external datasets.
  - Boundary markers: No delimiters or safety instructions are used to wrap external content.
  - Capability inventory: The skill is authorized to analyze and extract information from the provided data.
  - Sanitization: The skill does not validate or sanitize the input reports.
Recommendations
- AI detected serious security threats
Audit Metadata