research
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill is highly vulnerable to instructions embedded in external data it processes.
  - Ingestion points: Uses `mcp__mcp-router__web_search_exa` and `mcp__mcp-router__searchGitHub` to pull content from the live web and GitHub repositories into the agent's context.
  - Boundary markers: The skill lacks delimiters or explicit instructions to ignore natural-language commands found within the retrieved code or search results.
  - Capability inventory: The skill is granted access to high-privilege tools including `Bash`, `Write`, and `Read`, which can be targeted by injected instructions.
  - Sanitization: No sanitization or validation of the retrieved external content is performed before the agent processes it.
- Command Execution (SAFE): The skill includes the `Bash` tool in its `allowed-tools` list. While this is a high-privilege capability, the prompt instructions do not currently contain any malicious command patterns, persistence mechanisms, or privilege escalation attempts.
Audit Metadata