spec-miner

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill has a high-risk attack surface because it is designed to ingest and process untrusted external data (legacy or undocumented code) while also having the capability to execute commands.
  • Ingestion points: The skill uses Read, Grep, and Glob to pull content from external codebases into the agent context.
  • Boundary markers: There are no instructions or delimiters provided to help the agent distinguish between the skill's instructions and the data being analyzed.
  • Capability inventory: The skill is granted access to the Bash tool, allowing for arbitrary command execution on the host system.
  • Sanitization: No sanitization or validation of the ingested code is mentioned, increasing the risk that embedded instructions in the code (e.g., in comments or string literals) will be followed by the agent.
  • Command Execution (MEDIUM): The explicit inclusion of the Bash tool in allowed-tools provides a powerful execution environment. While necessary for some 'archaeology' tasks, it represents a substantial security risk if the agent's reasoning is compromised via prompt injection, since injected instructions could then be carried out as shell commands.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 17, 2026, 12:21 PM