cve-impact
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill employs restrictive language and authoritative markers such as 'CRITICAL: This skill must be used for ALL CVE discovery' and 'DO NOT use raw MCP tools... directly' to override the agent's default tool-calling behavior.
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection by ingesting data from documentation and tool outputs.
- Ingestion points: The workflow involves reading local markdown files (e.g., 'vulnerability-logic.md', 'insights-api.md') and processing dynamic data from 'lightspeed-mcp' tool outputs.
- Boundary markers: There are no delimiters or 'ignore embedded instructions' warnings used when incorporating content from external files or tool responses into the agent's context.
- Capability inventory: The skill is capable of invoking other automated agents ('sre-agents:remediator') and calling MCP tools to query sensitive vulnerability and system information.
- Sanitization: No evidence of sanitization or validation of the ingested content is present before the data is processed by the agent.
Audit Metadata