pasta
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes restricted shell commands (ls * and cat *) to inspect the local filesystem. This is used to define technical scope and identify potential vulnerabilities within the project codebase.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it ingests untrusted data from the local environment, such as source code and configuration files.
  - Ingestion points: Stage 2 and Stage 5 instructions command the agent to read and analyze files in the working directory using Read, Grep, and Bash tools. It also requests users to provide output from external security tools (SAST/DAST).
  - Boundary markers: No boundary markers or specific instructions to ignore embedded commands within the analyzed data are provided.
  - Capability inventory: The skill can write and edit files and execute restricted shell commands, providing an exploit surface if the agent is misled by injected instructions.
  - Sanitization: No sanitization or validation of external file content or user-provided tool results is performed prior to processing.
Audit Metadata