digital-estate-planner
Fail
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: HIGH (DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [DATA_EXFILTRATION]: The skill provides detailed templates (e.g., 'account-inventory-template.md') specifically designed to collect and store highly sensitive credentials, including master passwords for services like 1Password/Bitwarden, bank account details, and cryptocurrency seed phrases in unencrypted files within the workspace.
- [COMMAND_EXECUTION]: The skill is configured with powerful tools including 'Bash' and 'Task'. In the event of a compromise or prompt injection, these tools can be used to search for, read, and exfiltrate the sensitive documentation created by this skill.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted user data (account descriptions and legacy notes) while maintaining access to high-impact tools like 'Bash' and 'WebFetch'.
  - Ingestion points: The file 'account-inventory-template.md' and interactive user inputs for account documentation.
  - Boundary markers: None present to distinguish between planning data and instructions.
  - Capability inventory: 'Bash', 'WebFetch', 'Write', 'Edit', and 'Task' tools are available across the skill session.
  - Sanitization: No sanitization or validation of the input data is performed before the agent processes or stores it.
Recommendations
- AI detected serious security threats