flow-next-rp-explorer
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill's primary function is to ingest untrusted data from a codebase and provide it to the agent context.
  1. Ingestion points: file contents, search results, and repository structures (SKILL.md).
  2. Boundary markers: none specified in the instructions.
  3. Capability inventory: executes shell commands via rp-cli and supports file system write operations through output redirection (e.g., > codebase-map.md).
  4. Sanitization: none identified.
- Command Execution (HIGH): The skill directs the agent to execute shell commands using the rp-cli utility. This presents a risk if the agent interpolates unvalidated user input into these command strings.
- External Dependency (MEDIUM): Requires the RepoPrompt CLI tool (version 1.5.62+). This tool is not on the trusted external source list, posing a potential supply chain risk.
Recommendations
- AI detected serious security threats