Exploration & Discovery
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- PROMPT_INJECTION (HIGH): The skill implements an autonomous exploration loop designed to ingest untrusted external data, making it vulnerable to indirect prompt injection. (1) Ingestion points: The researcher_agent autonomously fetches evidence from external sources. (2) Boundary markers: None are present in the implementation pattern to separate data from instructions. (3) Capability inventory: The skill is described as having the ability to autonomously decide code to run. (4) Sanitization: No sanitization or validation of external content is mentioned.
- COMMAND_EXECUTION (HIGH): The implementation pattern explicitly mentions that the agent autonomously decides what code to run to test hypotheses. Without sandboxing or human oversight, this allows for arbitrary code execution triggered by untrusted external inputs.
Recommendations
- AI detected serious security threats
Audit Metadata