gatling-scenario-creator

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill processes untrusted user input (testing requirements) and has access to high-privilege tools (Bash, Write, Edit).
      1. Ingestion points: User-provided Gatling scenario descriptions and requests triggering the skill.
      2. Boundary markers: Absent; there are no instructions to delimit user data or ignore embedded commands.
      3. Capability inventory: Bash, Write, Edit, and Read (defined in allowed-tools in SKILL.md).
      4. Sanitization: Absent; no validation or escaping logic is defined for the agent.
    This allows malicious input to potentially manipulate the agent into executing arbitrary code.
  • Command Execution (MEDIUM): By requesting access to the Bash tool in SKILL.md, the skill provides a mechanism for system-level interaction. Without strict constraints or input sanitization, an agent could be coerced into running dangerous shell commands based on inputs received via the prompts.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 12:45 PM