faq-generator
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [Prompt Injection] (HIGH): The skill is highly vulnerable to Indirect Prompt Injection. It is designed to ingest and process technical documentation—content that may originate from untrusted sources—while having access to powerful tools like 'Bash' and 'Write'. This allows an attacker to hide instructions in documentation that the agent might unknowingly execute as shell commands.
- [Command Execution] (MEDIUM): The skill explicitly requests the 'Bash' tool. While potentially useful for documentation automation, granting shell access to a skill that handles external data significantly increases the risk of system compromise if the agent is misled by its input.
- [Indirect Prompt Injection] (HIGH): Mandatory Evidence Chain: (1) Ingestion points: Processes technical documentation files (implied by skill purpose). (2) Boundary markers: Absent; no instructions are provided to the agent to ignore embedded commands in the source files. (3) Capability inventory: Bash, Write, Edit, Read, Grep. (4) Sanitization: Absent; the skill lacks any mechanism to filter or sanitize content before it influences tool usage.
Recommendations
- AI detected serious security threats
Audit Metadata