api-design
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- PROMPT_INJECTION (HIGH): Vulnerable to Indirect Prompt Injection (Category 8). Ingestion points: The skill is used to design or modify APIs and uses 'Read', 'Grep', and 'Glob' to ingest existing codebase content. Boundary markers: No delimiters or specific instructions are provided to the agent to distinguish between design patterns and potentially malicious instructions embedded in comments or code within the files being read. Capability inventory: The skill is granted 'Bash', 'Write', 'Edit', and 'TodoWrite' permissions, allowing for significant side effects including command execution and file manipulation. Sanitization: There is no evidence of sanitization or filtering of the content read from the file system before it is processed by the agent.
- COMMAND_EXECUTION (MEDIUM): The inclusion of 'Bash' in the 'allowed-tools' list grants the skill the ability to execute arbitrary shell commands. While listed for infrastructure tasks, this capability presents a dangerous attack surface if the agent's logic is subverted by malicious input in the codebase it analyzes.
Recommendations
- AI detected serious security threats
Audit Metadata