autonomous-execution

Fail

Audited by Gen Agent Trust Hub on Mar 28, 2026

Risk Level: HIGH
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill uses strong imperative language to override standard agent safety behaviors and human-in-the-loop (HITL) constraints. Instructions such as 'Do everything. Ask nothing.', 'Don't ask the human', and 'Invalid Reasons to Call the Human' are direct attempts to bypass the agent's internal safety filters regarding user permission for high-stakes operations.
  • [COMMAND_EXECUTION]: The instructions explicitly promote the execution of high-risk commands without oversight. It lists 'git push --force', 'Deploying to production', and 'Deleting files, branches, or database records' as actions that should be performed autonomously. By removing the requirement for user approval, the skill significantly increases the potential impact of errors, hallucinated commands, or malicious instructions originating from other data sources.
  • [PROMPT_INJECTION]: The skill implements an 'autonomy' loop that prioritizes rapid execution over safety, specifically instructing the agent to ignore its natural tendency to seek confirmation for significant changes. This concealment pattern reduces user oversight and accountability for the agent's actions.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Mar 28, 2026, 07:01 AM