build-system

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Tags: PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • Prompt Injection (HIGH): The skill processes untrusted natural language via the 'audio-system-description' argument. Attackers can use this to override agent instructions and trigger malicious tool usage within the pipeline.
  • Command Execution (HIGH): The skill is explicitly granted the 'Bash' tool. While intended for generating project structures, this tool can be exploited to execute arbitrary shell commands if the agent's logic is subverted via input injection.
  • Data Exposure & Exfiltration (MEDIUM): Tools like 'Read', 'Grep', and 'Glob' enable the agent to search for and read files. An attacker could use indirect prompt injection to force the agent to search for sensitive credentials or SSH keys and include them in the generated output.
  • Indirect Prompt Injection (HIGH): Mandatory Evidence Chain:
    1. Ingestion point: The 'audio-system-description' argument in 'SKILL.md'.
    2. Boundary markers: No delimiters or explicit instructions to ignore embedded commands are present in the skill definition.
    3. Capability inventory: 'Bash' (command execution), 'Read/Grep/Glob' (file access and search), and modification of files in the 'src/ue_audio_mcp/' directory.
    4. Sanitization: No input validation, escaping, or filtering of the natural language description is performed before processing.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 12:51 PM