ln-503-regression-checker

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION)
Full Analysis
  • [PROMPT_INJECTION] (HIGH): The skill is susceptible to Indirect Prompt Injection by design. It retrieves execution instructions from the untrusted repository file 'docs/project/runbook.md'. [Ingestion point: docs/project/runbook.md] [Boundary markers: Absent] [Capability inventory: Shell execution via Bash tool in Phase 2] [Sanitization: Absent].
  • [COMMAND_EXECUTION] (HIGH): The skill builds and runs complex shell commands using input from the filesystem. The instructions specifically command the agent to follow the runbook's commands over its own logic, allowing malicious payloads (e.g., reverse shells, file exfiltration) to be executed during the test phase.
  • [EXTERNAL_DOWNLOADS] (LOW): The 'diagram.html' file includes a remote script from 'cdn.jsdelivr.net'. While common for rendering diagrams, this is an unpinned external dependency from a source not included in the trusted provider list.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 08:55 AM