cook-fast
Pass
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection via the `$ARGUMENTS` parameter. This input is placed directly inside a `<tasks>` block, and the agent is instructed to begin execution immediately.
- [PROMPT_INJECTION]: The workflow explicitly directs the agent to skip critical safety and quality steps, including research, planning documentation, and code reviews. This intentional reduction in oversight increases the risk that malicious or unsafe instructions embedded in the user-provided tasks will be executed without a human checkpoint.
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface Analysis:
  1. Ingestion points: The `$ARGUMENTS` variable in `SKILL.md` serves as a direct entry point for external data into the agent's task queue.
  2. Boundary markers: Although tasks are enclosed in `<tasks>` tags, the agent is given no instruction to treat the enclosed text as data or to ignore instruction-like content embedded within it.
  3. Capability inventory: The skill can write to the file system (`/code`), commit changes to version control (`/commit`), and modify the agent's own flow (`TaskCreate`).
  4. Sanitization: No sanitization, escaping, or validation of the `$ARGUMENTS` content is performed before it is interpolated into the prompt.
Audit Metadata