digital-estate-planner
Fail
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: HIGHCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill configuration in SKILL.md permits the use of the Bash tool. Providing shell access is an excessive grant of privilege for a documentation and lifestyle skill and significantly expands the attack surface for potential exploits.
- [DATA_EXFILTRATION]: The skill's primary function involves the creation and processing of the references/account-inventory-template.md file, which is intended to store extremely sensitive information including master passwords, 2FA codes, and private keys. Storing this data in plain-text within the agent's reachable filesystem, combined with the agent's ability to use WebFetch and Bash, creates a high risk of sensitive data exposure and unauthorized exfiltration.
- [PROMPT_INJECTION]: The skill structure is vulnerable to indirect prompt injection attacks.
- Ingestion points: The agent is designed to read the user-populated references/account-inventory-template.md file.
- Boundary markers: No delimiters or instructions are provided to the agent to treat the contents of the inventory as potentially malicious data rather than instructions.
- Capability inventory: The agent has access to Bash, Write, WebFetch, and Task tools, which could be misused if a malicious instruction is successfully injected.
- Sanitization: There is no evidence of content validation or sanitization for the data stored within the inventory template.
Recommendations
- AI detected serious security threats
Audit Metadata