battle-plan
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
PROMPT_INJECTION, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill relies on user-provided task descriptions to decide which files to read and explore during the 'Recon' phase. Ingestion points: user-defined task goals in Phase 1. Boundary markers: none. Capability inventory: bash (find, grep, cat, head, python) and file:read. Sanitization: none. Instructions embedded in the task text therefore reach the model with the same standing as the skill's own prompt, and any path or command they name can be acted on.
- [Command Execution] (HIGH): Because the agent can run find, grep, cat and head from bash and read files directly, a task description that steers the 'mapping' step toward paths outside the project (for example credentials, keys or configuration files) exposes their contents with the agent's own privileges.
- [Remote Code Execution] (HIGH): Python is part of the toolset, so the agent can execute arbitrary code; when the instruction to run it is derived from an unsanitized user prompt, whoever controls that prompt controls what the code does.
Recommendations
- AI detected serious security threats
Audit Metadata