mixseek-config-validate

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The skill processes untrusted external data in the form of TOML configuration files. 1. Ingestion points: Reads files from paths like 'configs/agents/team-*.toml' based on user input. 2. Boundary markers: No delimiters or instruction-ignore warnings are present in the instructions or described validation logic. 3. Capability inventory: Executes a validation script that provides 'correction suggestions' to the agent/user, effectively allowing the file content to influence downstream agent reasoning or instructions. 4. Sanitization: No sanitization of TOML content or protection against embedded instructions is described.
  • [Command Execution] (HIGH): The skill performs shell execution using a user-controllable parameter. Evidence: 'skills/detect-python-command/scripts/run-python.sh skills/mixseek-config-validate/scripts/validate-config.py '. Risk: If that parameter is not strictly validated or escaped by the agent, it allows shell metacharacter injection (e.g., path.toml; arbitrary-command).
  • [Data Exposure] (MEDIUM): The skill accesses sensitive internal configuration files. Evidence: Target files include 'configs/agents/', 'orchestrator.toml', and 'configs/judgment/'. These files typically contain proprietary system prompts, model configurations, and infrastructure details that should be protected.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 09:19 AM