aiconfig-variations
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, CREDENTIALS_UNSAFE
Full Analysis
- [Prompt Injection] (HIGH): The skill is susceptible to indirect prompt injection by allowing user-controlled text to be interpolated into AI configuration instructions.
  1. Ingestion points: user prompts defining variation content (SKILL.md Usage).
  2. Boundary markers: none present; references/api-quickstart.md shows direct interpolation of {{user_input}} without delimiters or instructions to ignore embedded commands.
  3. Capability inventory: shell execution of curl commands that perform POST/PATCH operations against the LaunchDarkly API.
  4. Sanitization: no sanitization or validation of the user-provided content is performed before it is included in the API payload.
- [Command Execution] (MEDIUM): The skill explicitly directs the agent to use shell commands (curl) to interact with the LaunchDarkly API (SKILL.md Step 3, Step 5), granting the agent network access and command execution capabilities.
- [Credentials Unsafe] (LOW): Instructions in SKILL.md guide the agent to automatically search environment variables (e.g., LAUNCHDARKLY_API_KEY) for authentication tokens, which increases the risk of credential exposure if the agent's logic is manipulated.
Recommendations
- AI detected serious security threats
Audit Metadata