validating-pci-dss-compliance
Warn
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The scripts/generate_report.py file contains a generate_script method that takes arbitrary text input and writes it to a .sh file. The script then calls file_path.chmod(0o755) to make the generated file executable. This allows the skill to dynamically create and prepare shell scripts for execution based on runtime input.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it is designed to ingest and process untrusted data from external codebases and infrastructure configurations (e.g., AWS Terraform or CloudFormation files).
  - Ingestion points: The skill identifies and reads source code repositories and configuration files in the target environment as part of its 'Analyze the Target' step.
  - Boundary markers: The provided scripts lack delimiters or instructions to treat findings from external files as untrusted content.
  - Capability inventory: The skill has the ability to write files and execute Bash commands via the Bash(security:*), Bash(scan:*), and Bash(audit:*) tools, and it includes a Python utility for generating executable shell scripts.
  - Sanitization: There is no evidence of sanitization or escaping of the content read from external files before it is used in the generate_report.py script to generate output files.
- [DATA_EXFILTRATION]: The skill instructions and examples explicitly direct the agent to access sensitive infrastructure components, including AWS configuration files and the source code of payment applications. While necessary for a PCI-DSS audit, this workflow involves the systematic reading of highly sensitive data, which could be exposed if the skill's reporting mechanism is compromised.
Audit Metadata