mesh-generation

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • PROMPT_INJECTION (HIGH): The skill is highly susceptible to Indirect Prompt Injection (Category 8) due to its core workflow of processing external data to drive system commands.
  • Ingestion points: External data enters via user-provided inputs such as 'Domain size', 'Feature size', and 'Points per feature' (SKILL.md, 'Inputs to Gather' section).
  • Boundary markers: No delimiters or 'ignore embedded instructions' warnings are present to isolate user data from the agent's command-generation logic.
  • Capability inventory: The skill possesses 'Bash', 'Write', 'Read', 'Grep', and 'Glob' tools (SKILL.md, frontmatter), allowing for system command execution and file modification.
  • Sanitization: There is no evidence of input validation, escaping, or sanitization before interpolating user inputs into CLI arguments.
  • COMMAND_EXECUTION (MEDIUM): The workflow relies on the 'Bash' tool to execute local scripts (e.g., 'python3 scripts/grid_sizing.py'). If input parameters are not strictly validated, an attacker could potentially achieve command injection (e.g., via shell metacharacters in numerical fields).
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 12:49 PM