siem-rule-generator
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Tags: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill is designed to ingest and process external security patterns, threat modeling data, and SIEM requirements. Because it possesses the Bash, Write, and Edit tools, it lacks the necessary boundary markers to prevent malicious instructions embedded in security logs or patterns from being executed as system commands.
  - Ingestion points: User requests regarding security patterns and implementation (SKILL.md).
  - Boundary markers: None defined; instructions are directly interpolated.
  - Capability inventory: Bash, Write, Edit, Read, Grep (SKILL.md).
  - Sanitization: None described in the skill documentation.
- Command Execution (HIGH): The explicit request for the Bash tool within a security-focused skill (pentesting, threat modeling) without provided script logic suggests a high-risk environment where the agent may generate and execute shell commands based on untrusted external inputs.
- Metadata Deception (LOW): The skill claims to be an "Auto-activating skill," which is a platform-level behavior. While not directly malicious, it may mislead users about the degree of control they have over the skill's invocation.
Recommendations
- AI detected serious security threats
Audit Metadata