skills/jeremylongshore/claude-code-plugins-plus-skills/stakeholder-communication-template/Gen Agent Trust Hub
stakeholder-communication-template
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill is designed to process 'stakeholder communication' and 'enterprise workflow' data, which are external, untrusted sources. Combined with the requested 'Bash' and 'Write' capabilities, this creates a high-risk surface where malicious instructions embedded in stakeholder messages or project documents could be executed by the agent.
- Ingestion points: Requests regarding stakeholder communication and enterprise workflows (SKILL.md).
- Boundary markers: None identified; the manifest provides no delimiters or instructions to ignore embedded commands.
- Capability inventory: 'Bash', 'Write', 'Edit', and 'Read' tools are requested.
- Sanitization: No sanitization or validation logic is provided in the manifest.
- Command Execution (MEDIUM): The skill explicitly requests the 'Bash' tool for a task (communication templates) that typically does not require shell access. This violates the principle of least privilege and increases the impact of potential injection attacks.
Recommendations
- AI detected serious security threats
Audit Metadata