high-risk-review
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE
Tags: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill describes a workflow where the agent performs web research and then executes 'Minimal test commands' based on its findings. This creates an attack surface where an attacker-controlled website could provide malicious instructions that the agent might inadvertently execute during the verification process.
  - Ingestion points: Web search results and external repository evidence (SKILL.md).
  - Boundary markers: None specified in the instructions.
  - Capability inventory: Access to the `Bash(*)` and `WebSearch(*)` tools.
  - Sanitization: No explicit sanitization or validation of the retrieved content before it influences command generation is mentioned.
- [Command Execution] (SAFE): The skill explicitly requires the `Bash(*)` tool to perform its stated function of verifying technical claims. While bash execution is high-risk, the instructions treat it as a tool for validation rather than for executing hardcoded or obfuscated malicious payloads.
  - Evidence: The `allowed-tools` section and procedure step 3 specify the use of bash for testing.
Audit Metadata