polling-mechanism-setup
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHNO_CODEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill manifest establishes a Tier 1 attack surface by combining external data ingestion with high-privilege tool access. * Ingestion points: The description explicitly mentions processing 'third-party apis' and 'webhooks'. * Boundary markers: None provided in the instructions to delimit untrusted data. * Capability inventory: The skill requests 'Bash', 'Write', and 'Edit' tools, allowing for command execution and file system modification. * Sanitization: No sanitization or validation protocols are described.
- [No Code] (INFO): Only the SKILL.md manifest was provided. The actual scripts or logic that would implement the polling mechanism are missing, preventing a complete security verification of the runtime behavior.
- [Command Execution] (MEDIUM): The skill requests access to the 'Bash' tool. In the context of a skill intended to automate API integrations, this capability presents a significant risk if the tool is used to execute strings constructed from external, untrusted API payloads.
Recommendations
- AI detected serious security threats
Audit Metadata