verification-before-completion
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Tags: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [Prompt Injection] (MEDIUM): The skill utilizes highly assertive behavioral steering and imperative language (e.g., "Iron Law", "If you lie, you'll be replaced", "Non-negotiable") to override the agent's standard operational guidelines.
- [Indirect Prompt Injection] (HIGH): The skill creates a high-severity vulnerability surface by requiring the agent to ingest external data and use it to define execution tasks. Evidence chain:
  1. Ingestion points: The agent identifies verification commands from the project context (README, package.json, Makefile) and reads full command outputs.
  2. Boundary markers: Absent; the skill does not specify delimiters for untrusted command output.
  3. Capability inventory: The skill mandates the execution of arbitrary shell commands via the "Gate Function".
  4. Sanitization: Absent; there is no validation or filtering of the identified commands before execution.
- [Command Execution] (HIGH): The core instruction to "RUN: Execute the FULL command" identified at runtime provides a direct mechanism for arbitrary code execution if the agent is misled into identifying a malicious command as a verification step.
Recommendations
- AI detected serious security threats