verification-before-completion
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION)
Full Analysis
- [PROMPT_INJECTION] (HIGH): Indirect Prompt Injection Surface. The skill requires the agent to execute commands and process their raw output (READ: Full output) as the basis for logic decisions and completion claims. This creates a significant vulnerability surface where malicious code in the target environment (e.g., in unit tests, build logs, or linters) can influence agent behavior by injecting instructions into the output stream.
  - Ingestion points: Verification command output processed in the Gate Function (SKILL.md).
  - Boundary markers: Absent. No delimitation or instructions to ignore embedded content within tool outputs are provided.
  - Capability inventory: High-privilege command execution and final state decision-making (RUN and VERIFY steps).
  - Sanitization: Absent. The instructions mandate reading the full output without any filtering or validation.
Recommendations
- AI detected serious security threats