IterativeDepth
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- Indirect Prompt Injection (HIGH): The workflow in `Workflows/Explore.md` processes untrusted user input and interpolates it into the 'Agent Prompt Template' for sub-agents.
  - Ingestion points: 'Problem/Request' input in `Workflows/Explore.md`.
  - Boundary markers: Absent; user input is concatenated directly into instructions.
  - Capability inventory: Spawns background agents and executes `TaskCreate`/`TaskUpdate` commands to modify system state.
  - Sanitization: None; input is used raw in prompt construction.
- Dynamic Execution (HIGH): The skill dynamically generates instructions for background agents. By including unvetted user content in these instructions, it enables potential execution of malicious sub-tasks or goal redirection.
- Local Configuration Overrides (MEDIUM): `SKILL.md` identifies a local path (`~/.claude/skills/PAI/USER/SKILLCUSTOMIZATIONS/IterativeDepth/`) for loading overrides. This provides a vector for behavior modification or persistence if an attacker can manipulate the local filesystem.
Recommendations
- AI detected serious security threats
Audit Metadata