Skills
skills/jmsktm/claude-settings/ID8Labs Agent Suite/Gen Agent Trust Hub

ID8Labs Agent Suite

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGHPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
  • PROMPT_INJECTION (HIGH): The skill is highly vulnerable to Indirect Prompt Injection through the 'scout' agent.
  • Ingestion points: The scout/SKILL.md file uses mcp__firecrawl__firecrawl_scrape and mcp__perplexity__search to ingest data from competitor websites, Reddit, Twitter, and YouTube comments.
  • Boundary markers: Absent. The instructions do not specify any delimiters or safety headers to separate untrusted external content from agent instructions.
  • Capability inventory: The suite has significant side-effect capabilities. The tracker agent writes to the local file system (.id8labs/projects/active/*.md), and the exit agent utilizes the GitHub MCP to "Clean up repository" and "Document codebase," which involves write access to the user's source code.
  • Sanitization: Absent. There is no logic provided to filter or sanitize external content before processing.
  • DATA_EXFILTRATION (MEDIUM): The exit/SKILL.md agent instructs the user to build a 'data room' (docs/data-room/) containing extremely sensitive documents, including tax returns, capitalization tables, P&L statements, and IP assignments. While this is functional for an exit strategy, the combined presence of network-capable MCPs (Perplexity, Firecrawl) and the risk of Indirect Prompt Injection creates a high risk of sensitive data exfiltration to an external attacker.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 09:06 AM