implement-plan
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill directs the agent to run 'make check' and 'make fix' commands. This allows for arbitrary code execution via the local Makefile.
- [PROMPT_INJECTION] (HIGH): High risk of Indirect Prompt Injection. The skill is designed to ingest and follow external 'spec documents' with no boundary markers or sanitization. An attacker can use these specs to manipulate the agent into performing malicious actions. Evidence Chain: 1. Ingestion: 'spec document' (untrusted). 2. Boundary markers: Absent. 3. Capability inventory: File modification, command execution (make). 4. Sanitization: Absent.
Recommendations
- AI detected serious security threats
Audit Metadata