careful-delete
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill lets external content influence high-privilege execution paths without sanitization. Ingestion points: filenames, database and table names, and git branch identifiers processed during the assessment and confirmation phases. Boundary markers: absent; there is no instruction to wrap the items being deleted in delimiters or to ignore instructions embedded in them. Capability inventory: the skill's YAML configuration explicitly grants 'bash' access for destructive tools, including rm, git, DROP and TRUNCATE. Sanitization: absent; Phase 3 explicitly commands the agent to execute the 'exact command discussed' without modifying or validating any component of that command string.
- [Command Execution] (MEDIUM): The skill legitimizes the use of highly destructive shell and database commands. Although the intent is to add friction to accidental deletions, those capabilities are a security risk if the 'confirmation gate' is manipulated by an attacker or by a malicious payload hidden in data the agent processes.
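Both findings describe one hazard: a name the agent only means to treat as data (a filename, a table name, a branch) is spliced into a command string and handed to bash, so metacharacters in the name become commands, and the confirmation gate then approves a string rather than a set of targets. The Python below is an added example written for this page, not code from the careful-delete skill or from Gen Agent Trust Hub. It uses printf as a harmless stand-in for rm and git, constructed attacker-controlled names (EVIL_FILE, EVIL_BRANCH, EVIL_TABLE) and hypothetical helper names (delete_via_string, delete_via_argv, delete_via_quoted_string, quote_sql_identifier, is_safe_git_ref, make_plan, plan_digest, execute_plan). It shows the vulnerable string-splicing form beside the argv form, allowlist checks for SQL identifiers and git refs, and a confirmation gate that binds approval to a digest of a structured plan instead of to a free-form 'exact command'.

```python
import hashlib
import json
import re
import shlex
import subprocess

# Constructed attacker-controlled names for this example (hypothetical, not from the skill).
EVIL_FILE = "old-report.txt; echo INJECTED"      # command separator inside a filename
EVIL_BRANCH = "feature/$(echo INJECTED)"         # command substitution inside a branch name
EVIL_TABLE = 'users"; DROP TABLE audit_log; --'  # quote break-out inside a table name


def run_lines(cmd, use_shell: bool) -> list:
    """Run a command and return its stdout lines. printf stands in for rm/git
    so the demonstration destroys nothing."""
    out = subprocess.run(cmd, shell=use_shell, capture_output=True, text=True, check=False)
    return out.stdout.splitlines()


def delete_via_string(name: str) -> list:
    """The pattern the audit flags: the name is spliced into a command string
    that bash re-parses, so metacharacters in the name become shell syntax."""
    return run_lines(f"printf '%s\\n' {name}", use_shell=True)


def delete_via_argv(name: str) -> list:
    """Hardened form: the name travels as one argv element and is never parsed
    by a shell. For rm the argv would be ['rm', '-rf', '--', name]; the '--'
    stops a name that starts with '-' from being read as an option."""
    return run_lines(["printf", "%s\\n", name], use_shell=False)


def delete_via_quoted_string(name: str) -> list:
    """If a shell string is unavoidable, shlex.quote turns the name into one
    literal word; separators and $(...) inside it are no longer interpreted."""
    return run_lines(f"printf '%s\\n' {shlex.quote(name)}", use_shell=True)


# Conservative allowlist for table/database names (PostgreSQL-style length limit).
SQL_IDENTIFIER = re.compile(r"[A-Za-z_][A-Za-z0-9_]{0,62}")


def quote_sql_identifier(name: str) -> str:
    """Identifiers cannot be bound as query parameters, so for DROP/TRUNCATE an
    allowlist check is the only defense. Returns the name double-quoted."""
    if not SQL_IDENTIFIER.fullmatch(name):
        raise ValueError(f"refusing unsafe identifier: {name!r}")
    return f'"{name}"'


def is_safe_git_ref(name: str) -> bool:
    """A conservative subset of git's check-ref-format rules: safe characters
    only, no leading '-', no '..', no '@{', no '//', no trailing '/' or '.lock'."""
    if not name or name.startswith("-") or name.endswith(("/", ".lock")):
        return False
    if ".." in name or "@{" in name or "//" in name:
        return False
    return re.fullmatch(r"[A-Za-z0-9._/\-]+", name) is not None


def make_plan(tool: str, args: list, targets: list) -> dict:
    """A structured deletion plan: tool, fixed arguments and targets are separate
    data fields, never one command string, so the assessment phase and the
    execution phase cannot disagree about what the targets are."""
    for target in targets:
        if target.startswith("-"):  # belt and braces alongside the caller's '--'
            raise ValueError(f"target looks like an option: {target!r}")
    return {"tool": tool, "args": list(args), "targets": list(targets)}


def plan_digest(plan: dict) -> str:
    """The value the user's confirmation is bound to. Any change to the plan
    between confirmation and execution changes the digest."""
    canonical = json.dumps(plan, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()


def execute_plan(plan: dict, confirmed_digest: str) -> list:
    """Run the plan only if it is byte-for-byte what was confirmed, and only as argv."""
    if plan_digest(plan) != confirmed_digest:
        raise PermissionError("plan changed after confirmation; refusing to run")
    return run_lines([plan["tool"], *plan["args"], *plan["targets"]], use_shell=False)


if __name__ == "__main__":
    print("string:", delete_via_string(EVIL_FILE))      # two lines: the injected echo ran
    print("argv  :", delete_via_argv(EVIL_FILE))        # one line: the literal name
    print("quoted:", delete_via_quoted_string(EVIL_BRANCH))
    plan = make_plan("printf", ["%s\\n"], [EVIL_FILE, EVIL_BRANCH])
    print("plan  :", execute_plan(plan, plan_digest(plan)))
```

The is_safe_git_ref check is deliberately narrower than git itself; where git is available, `git check-ref-format --branch <name>` is the authoritative test. The plan digest does not make the deletion safe by itself: it only guarantees that what the user confirmed is what runs, which is exactly the property Phase 3's 'exact command discussed' instruction fails to provide when the command string was assembled from untrusted names.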
Recommendations
- AI detected serious security threats
Audit Metadata