interview
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill is highly susceptible to indirect prompt injection because it ingests untrusted data and possesses write capabilities.
- Ingestion points: The $1 argument (file path or topic description) and the contents of the file read via the Read tool in the 'Detecting Input Type' section.
- Boundary markers: Absent. The instructions do not define delimiters or provide 'ignore embedded instructions' directives when processing external content.
- Capability inventory: Includes reading local files, interacting with users via the AskUserQuestion tool, and most critically, updating files in-place ('update the file in-place with refined insights').
- Sanitization: None. There is no logic to validate or escape the content being read before it is analyzed and used to determine the next agent actions.
- [File System Manipulation] (MEDIUM): The instruction to 'update the file in-place' grants the agent the ability to overwrite data. An attacker could use a malicious file to trick the agent into corrupting sensitive files or injecting malicious content into existing scripts.
Recommendations
- AI detected serious security threats
Audit Metadata