read-repo-references
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
Findings: PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- PROMPT_INJECTION (HIGH): The skill is designed to ingest and follow instructions or patterns from the .references/ directory and external URLs. An attacker can place malicious instructions in these locations to hijack the agent's behavior during the 'Apply learnings' phase.
  - Ingestion points: .references//REF.md and external URLs
  - Boundary markers: None present
  - Capability inventory: cat, ls, WebFetch/Browsing
  - Sanitization: None
- EXTERNAL_DOWNLOADS (MEDIUM): The skill directs the agent to fetch content from arbitrary URLs defined in metadata, which could lead to the ingestion of malicious scripts or data into the agent's context.
- COMMAND_EXECUTION (LOW): Uses standard shell commands (ls, cat) to interact with the local filesystem to retrieve reference data.
Recommendations
- AI detected serious security threats
Audit Metadata