soak-test-planner
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill is designed to process untrusted user input (test patterns and requirements) to generate production-ready code and configurations. It lacks explicit boundary markers or instructions to ignore embedded commands, which is critical given its high-privilege tool access. Evidence Chain:
  1. Ingestion points: User requests mentioning 'soak test planner' or asking about patterns (SKILL.md).
  2. Boundary markers: Absent.
  3. Capability inventory: Read, Write, Edit, and Bash tools (SKILL.md).
  4. Sanitization: Absent.
- [Command Execution] (MEDIUM): The skill requests 'Bash' tool access without defining any safety constraints or restricted environments. This allows the AI agent to execute arbitrary shell commands based on potentially malicious user instructions disguised as performance testing parameters.
Recommendations
- AI detected serious security threats
Audit Metadata