virgil
Warn
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill instructs the user to install `virgil-cli` using `cargo install --git https://github.com/virgil-cli/virgil-cli`. As this source is not on the trusted organizations list, the download and subsequent build process (which executes build scripts) represent a risk of executing unverified code from an unknown source.
- [COMMAND_EXECUTION] (MEDIUM): The `virgil query` command allows for the execution of raw DuckDB SQL. This powerful dynamic execution interface could be exploited to perform unintended filesystem operations or resource-intensive tasks if the agent is directed to run malicious queries.
- [PROMPT_INJECTION] (LOW): (Category 8 - Indirect Prompt Injection) The skill exposes an attack surface for indirect prompt injection by processing external codebase data. 1. Ingestion points: Results from codebase parsing and search commands. 2. Boundary markers: Absent. 3. Capability inventory: Broad filesystem read access and raw SQL execution. 4. Sanitization: None documented. Malicious content embedded in the analyzed codebase (e.g., in comments or symbol names) could attempt to manipulate the agent's logic when analysis results are returned.
Audit Metadata