senior-secops
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONREMOTE_CODE_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill is vulnerable to indirect prompt injection due to its core functionality. Ingestion points: External data enters the agent context via
<project-path>,<target-path>, and the current directory (.) passed to scanning scripts inSKILL.md. Boundary markers: None are specified to protect the agent from instructions embedded within the analyzed code or configuration files. Capability inventory: The skill executes local Python scripts, runs package managers (npm,pip), and manages infrastructure viadockerandkubectl. Sanitization: There is no evidence of input validation or instruction filtering. - [Unverifiable Dependencies] (MEDIUM): The workflow requires running
npm installandpip install -r requirements.txtwithout specifying package versions or verified sources, which facilitates supply chain attacks. - [Command Execution] (MEDIUM): The skill performs frequent command-line operations (Docker, Kubernetes, Python scripts). If the paths provided to these tools are not strictly sanitized, it could lead to arbitrary command execution on the host system.
Recommendations
- AI detected serious security threats
Audit Metadata