chaos-engineer
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill exhibits a significant vulnerability surface because it is designed to ingest external system data and output executable failure-injection code.
  - Ingestion points: Processes architectural maps, dependency lists, and critical paths provided by users or external configurations (SKILL.md, Core Workflow).
  - Boundary markers: None. The skill lacks delimiters or explicit instructions to ignore commands hidden within the data it analyzes.
  - Capability inventory: Generates failure injection scripts and Kubernetes manifests (SKILL.md, Output Templates), providing a direct path from untrusted input to executable output.
  - Sanitization: No sanitization or validation of the input system data is specified, allowing for potentially malicious instructions to influence the generated code.
- Command Execution (HIGH): By design, this skill generates commands and manifests intended to disrupt infrastructure (e.g., Chaos Monkey, network chaos). This capability is easily weaponized if the agent's reasoning is compromised via indirect injection, as destructive actions can be framed as 'experiments'.
Recommendations
- AI detected serious security threats
Audit Metadata