audit-agents-skills
Warn
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: MEDIUM
Categories: PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: Deceptive metadata and fabricated authority.
  - The skill references a fictional 'LangChain Agent Report 2026' and 'Claude Code Ultimate Guide line 4921' to justify its methodology and scoring thresholds.
  - Use of future dates (2026) and specific line numbers in non-existent guides is a social engineering technique to gain user or agent trust through false authority.
- [PROMPT_INJECTION]: Vulnerability to indirect prompt injection.
  - The skill ingests untrusted content from project files (agents, skills, commands) to perform its audit logic (Phase 1 and Phase 2).
  - There are no boundary markers or sanitization steps identified in the Scoring Engine (Phase 2) to prevent processed data from influencing agent behavior.
  - Malicious instructions embedded in audited files could hijack the agent session during the analysis process.
- [COMMAND_EXECUTION]: Risk of command manipulation via Bash tool.
  - The skill requires 'Bash' tool access to run grep-based detection patterns and perform file system discovery.
  - The 'Fix Suggestions' phase combined with 'Write' tool access could lead to unauthorized modification of local files if the agent is influenced by malicious content in the files being audited.
- [DATA_EXFILTRATION]: Access to sensitive configuration files.
  - The skill explicitly targets the '.claude/' directory, which houses the agent's core instructions and skill definitions, representing a data exposure risk where sensitive prompt logic can be read and processed.
Audit Metadata