reference-generator
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- Prompt Injection (HIGH): Vulnerable to Indirect Prompt Injection (Category 8).
  * Ingestion points: The skill reads `/docs/course-description.md` and fetches external web content via `WebFetch` in Step 4.
  * Capability inventory: The agent has the power to `Write` new files, `Edit` existing chapter index files, and modify `mkdocs.yml`.
  * Boundary markers: No delimiters or isolation techniques are used when processing the untrusted content.
  * Sanitization: No input validation is performed on the data retrieved from external sources.
- Command Execution (LOW): The skill executes the `ls` command to find chapter directories. This is a standard environment discovery task but falls under command execution.
Recommendations
- AI detected serious security threats
Audit Metadata