skills/ivzc07/aeo-skills/aeo-qa-agent/Gen Agent Trust Hub

aeo-qa-agent

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: CRITICAL
PROMPT_INJECTION, COMMAND_EXECUTION, SAFE
Full Analysis
  • [PROMPT_INJECTION] (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8) because it ingests untrusted code changes for review. Evidence: (1) Ingestion points: Code files provided in the review process. (2) Boundary markers: Absent. (3) Capability inventory: Filesystem write access to apply 'Auto-Fix' rules. (4) Sanitization: Absent.
  • [COMMAND_EXECUTION] (LOW): The skill authorizes the agent to automatically modify the codebase to remove logs, debuggers, and unused imports. While intended, this allows the agent to perform write operations on the local filesystem.
  • [SAFE] (SAFE): The URLite scanner alert for 'logger.info' is a false positive caused by the '.info' top-level domain matching a standard JavaScript method. Examples of hardcoded credentials in the documentation are non-functional placeholders used for educational purposes.
Recommendations
  • Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata
Risk Level: CRITICAL
Analyzed: Feb 17, 2026, 06:14 PM