AGENT LAB: SKILLS

kiro-skill

Fail

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: HIGH | PROMPT_INJECTION | NO_CODE
Full Analysis
  • Indirect Prompt Injection (HIGH): The workflow documented in 'helpers/workflow-diagrams.md' introduces a critical attack surface by reading external specification files and using them to direct the agent's 'Task Execution' and 'Implementation' phases.
      1. Ingestion points: '.kiro/specs/requirements.md' and related documentation files.
      2. Boundary markers: Absent; no instructions exist to isolate or ignore embedded prompts.
      3. Capability inventory: 'Execute Task' and 'Implementation' steps allow for high-privilege operations including command execution and file modification.
      4. Sanitization: Absent; the process lacks validation or filtering of external content.
    Evidence: Automated scanners (URLite) detected a malicious URL in the 'requirements.md' file which serves as the primary input for this workflow.
  • No Code (LOW): The analyzed files ('helpers/kiro-identity.md' and 'helpers/workflow-diagrams.md') consist solely of identity guidelines and workflow diagrams in Markdown format. No active code logic or tool configurations were found in the provided snippet.
Recommendations
  • AI detected serious security threats
  • Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 15, 2026, 10:24 PM