impl-pad
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill implements an indirect prompt injection surface by relying on an external markdown file (pad.md) for instructions and implementation plans. If an attacker can influence this file, they can override the agent's behavior to perform unauthorized actions.
  - Ingestion points: Content is read from pad.md throughout the execution process to define logic and implementation steps.
  - Boundary markers: Absent. The skill provides no instructions to separate the external data from the system prompt or to ignore embedded instructions.
  - Capability inventory: The agent is authorized to modify the repository's source code and execute arbitrary shell commands for verification purposes.
  - Sanitization: Absent. There are no validation steps for the content ingested from the external file.
- [COMMAND_EXECUTION]: The execution logic directs the agent to 'Prioritize automated testing'. Since the code being tested and the test cases themselves are derived from the potentially untrusted pad.md file, this allows for the execution of malicious commands or scripts in the agent's environment.
Audit Metadata