verification-before-completion
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Categories: PROMPT_INJECTION, COMMAND_EXECUTION, NO_CODE
Full Analysis
- [PROMPT_INJECTION] (HIGH): High risk of an indirect prompt injection attack surface. The skill explicitly instructs the agent to ingest and process raw, external data from tool outputs.
  1. Ingestion points: Instructions to 'READ: Full output' from commands and check 'VCS diff' (SKILL.md).
  2. Boundary markers: Absent; no delimiters are proposed to isolate untrusted tool output from agent instructions.
  3. Capability inventory: The agent is required to 'RUN: Execute the FULL command' (SKILL.md), utilizing the agent's command execution environment.
  4. Sanitization: Absent; no validation or escaping of command output is performed before reading.
- [COMMAND_EXECUTION] (MEDIUM): The skill directs the agent to dynamically determine and run system commands ('IDENTIFY: What command proves this claim?'). This encourages the execution of commands that may be influenced or crafted by untrusted external content if the agent's reasoning is compromised.
- [PROMPT_INJECTION] (LOW): The skill utilizes strong, imperative language and behavioral threats ('Honesty is a core value. If you lie, you'll be replaced.') to override standard agent operating procedures.
- [NO_CODE] (INFO): This skill is entirely instructional (Markdown) and does not contain any executable scripts, binary files, or dependency manifests.
Recommendations
- AI detected serious security threats
Audit Metadata