NYC

quality-gate

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION] (HIGH): The skill is vulnerable to Indirect Prompt Injection. It is designed to verify external artifacts, which means the agent will ingest untrusted data from the local file system that could contain hidden instructions targeting the agent's logic or tools.
  • Ingestion points: The skill uses 'Read', 'Grep', and 'Glob' to ingest content from the project workspace during 'Pre-QA' and 'Pre-Release' checks.
  • Boundary markers: None. There are no instructions provided to the agent to treat file content as data only or to ignore embedded natural language instructions.
  • Capability inventory: The skill has access to 'Bash' (command execution), 'Write' (file modification), and 'TodoWrite'. This combination allows an attacker to transition from reading a file to executing commands.
  • Sanitization: Absent. There is no requirement for the agent to sanitize or validate the content of the files it reviews before processing them through its reasoning engine or using them as arguments for tools.
  • [COMMAND_EXECUTION] (HIGH): The skill requests and uses the 'Bash' tool. While intended for quality gate checks, the lack of constraints on how shell commands are constructed from external file content allows for potential arbitrary command execution if an external file influences the command string.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 03:49 AM