cook
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION] (HIGH): The skill exhibits a significant vulnerability to indirect prompt injection by interpolating untrusted, user-supplied '$ARGUMENTS' into a high-privilege automated workflow.
  1. Ingestion points: Data enters via the 'tasks' argument and via files discovered through '/scout-ext'.
  2. Boundary markers: The skill uses '' tags, which provide structural context but no security isolation for the LLM.
  3. Capability inventory: Extensive permissions, including arbitrary file writing, test/compilation execution, and Git push operations.
  4. Sanitization: No evidence of input filtering, instruction scrubbing, or sanitization.
- [COMMAND_EXECUTION] (MEDIUM): The routine workflow executes shell commands for compilation, type-checking, and media processing (ImageMagick), which provides a direct path to exploitation if malicious instructions are successfully injected via the task input.
Recommendations
- AI detected serious security threats
Audit Metadata