document
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION] (HIGH): Significant indirect prompt injection surface due to ingestion of untrusted data with high-privilege capabilities.
  * Ingestion points: Reads docs/task/ and docs/testing/ files to gather implementation context.
  * Boundary markers: Absent; no delimiters or instructions to ignore instructions within sources are defined.
  * Capability inventory: The skill can write to the project's root CLAUDE.md file and use the Task tool to trigger a sub-agent for deployment (/ship).
  * Sanitization: No validation or sanitization is performed on ingested content before interpolation.
- [EXTERNAL_DOWNLOADS] (LOW): References external plugins from GitHub.
  * Evidence: Links to vercel-labs/agent-skills and supabase/agent-skills.
  * Trust Scope: Sources match the Trusted External Sources list, downgrading this finding to LOW per [TRUST-SCOPE-RULE].
Recommendations
- AI detected serious security threats
Audit Metadata