chaos-engineering
Warn
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides bash commands for system-level modifications, such as using
tc(traffic control) to inject network latency and packet loss, which can disrupt connectivity. - [COMMAND_EXECUTION]: Includes commands for resource exhaustion, such as CPU and memory stress via the
stressutility and disk space filling usingdd, potentially leading to system crashes or Denial of Service (DoS). - [COMMAND_EXECUTION]: Mentions high-impact administrative actions like killing processes, restarting containers, and terminating cloud instances as part of experiments.
- [PROMPT_INJECTION]: The 'Experiment Template' creates an indirect prompt injection surface. If the agent uses this template to ingest and process results from external sources (such as log files or monitoring tools), it could be influenced by malicious instructions embedded in that data.
- Ingestion points: SKILL.md (Experiment Template section)
- Boundary markers: Absent; the template does not utilize delimiters or 'ignore' instructions for external data fields.
- Capability inventory: Bash, Read, Write (allows execution of impactful system commands based on processed content).
- Sanitization: Absent; there are no instructions or scripts provided to sanitize or validate external input before it is used by the agent.
Audit Metadata