Agent Development
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGH
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- PROMPT_INJECTION (HIGH): The skill is a meta-utility for creating agents that are inherently vulnerable to Indirect Prompt Injection (Category 8).
  - Ingestion points: The generated agents (e.g., code-quality-reviewer, test-generator) are instructed to ingest untrusted content such as user code, PR descriptions, and documentation using tools like Read, Grep, and Glob (see examples/agent-creation-prompt.md).
  - Boundary markers: The templates in references/agent-creation-system-prompt.md and references/system-prompt-design.md fail to provide any instructions for using delimiters or boundary markers to isolate untrusted data from the agent's system instructions.
  - Capability inventory: The templates suggest granting these agents high-privilege capabilities, including the Write tool for creating files (test generation) or suggesting code fixes (code review). This combination of untrusted input and write capability meets the HIGH severity criteria for Indirect Prompt Injection.
  - Sanitization: There is no mention of sanitizing or validating external content before it is interpolated into the agent's prompts or processed by the AI.
- COMMAND_EXECUTION (LOW): The skill includes a shell script for validating agent files.
  - Evidence: scripts/validate-agent.sh uses standard Unix utilities (grep, sed, awk) to process local files.
  - Risk: While the script is generally well-quoted, it operates on user-provided file paths. The risk is limited to the local execution context.
Recommendations
- AI detected serious security threats
Audit Metadata