prepare

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Categories: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The skill interpolates the $ARGUMENTS variable directly into its instruction set without using delimiters, XML tags, or boundary markers. A malicious task description could contain instructions that override the agent's system prompt to perform unauthorized actions.
  • Evidence (Ingestion Point): The task description: "$ARGUMENTS" in SKILL.md.
  • Evidence (Capabilities): The skill has access to Bash, Read, Grep, and Glob tools.
  • Evidence (Sanitization): No escaping, validation, or sanitization logic is present for the input.
  • [Command Execution] (HIGH): The skill explicitly allows the Bash tool. In the context of a successful prompt injection attack, the agent could be manipulated into running malicious shell commands under the guise of "planning" or "checking files."
  • [Data Exposure] (MEDIUM): The skill instructions direct the agent to explore the directory structure and read files like src/core/config.py and various documentation. While intended for context, a hijacked session could redirect these tools to exfiltrate environment variables, SSH keys, or other sensitive local data.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 09:55 AM