status-code-recommender
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill processes untrusted external data such as API designs, specs, and patterns. It lacks delimiters or explicit instructions to ignore embedded commands. Given its Bash(curl:*), Write, and Edit capabilities, a malicious specification could trigger the agent to exfiltrate local data or corrupt the filesystem. Evidence:
  1. Ingestion points: User requests and external API context in SKILL.md.
  2. Boundary markers: Absent.
  3. Capability inventory: Bash, Write, Edit in SKILL.md.
  4. Sanitization: Absent.
- [Command Execution] (MEDIUM): The allowed tools include Bash(curl:*), which grants arbitrary network access. While intended for API development, this provides a direct vector for exfiltration or downloading malicious payloads if the agent is misled by data processed at runtime.
Recommendations
- AI detected serious security threats
Audit Metadata