skills/duc01226/easyplatform/cook/Gen Agent Trust Hub

cook

Warn

Audited by Gen Agent Trust Hub on Mar 27, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes a <tasks>$ARGUMENTS</tasks> block which interpolates user-supplied arguments into the agent's task processing context. This creates a risk of command injection if a user provides input that is interpreted as executable directives by the agent's underlying tools, such as 'TaskCreate'.
  • [PROMPT_INJECTION]: The '$ARGUMENTS' placeholder serves as an ingestion point for untrusted user input within the skill's primary instruction set. Without delimiting boundary markers or specific safety instructions to ignore embedded commands, this surface is vulnerable to indirect prompt injection, allowing a user to potentially override the skill's 'HARD-GATE' logic or 'Red Flag' stop conditions.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 27, 2026, 06:11 AM