error-recovery

Pass

Audited by Gen Agent Trust Hub on Feb 23, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION

Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill's examples demonstrate the installation of external Python packages using pip install to resolve environment issues, which involves fetching software from remote registries.
  • [COMMAND_EXECUTION]: The error recovery protocol defined in SKILL.md and references/EXAMPLES.md instructs the agent to fix environment configuration errors by executing system commands, such as installing dependencies or modifying settings.
  • [PROMPT_INJECTION]: The skill evaluates untrusted data from error messages, exceptions, and tracebacks to determine its recovery logic, making it susceptible to indirect prompt injection attacks.
    • Ingestion points: Error messages and stack traces identified as triggers in SKILL.md.
    • Boundary markers: The protocol lacks delimiters or specific instructions to the agent to treat error content as data only, potentially allowing embedded malicious instructions to be executed.
    • Capability inventory: The agent is authorized to modify the environment, install packages, and take alternate logic paths as part of its recovery strategies.
    • Sanitization: No sanitization or validation logic is defined to check the content of error messages before the agent acts upon them.

Audit Metadata
Risk Level: SAFE
Analyzed: Feb 23, 2026, 12:05 PM