pseo-audit
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- Indirect Prompt Injection (HIGH): The skill possesses a significant attack surface by ingesting untrusted codebase content (Category 8).
  1. Ingestion points: Codebase files accessed via 'Read' and 'Grep'.
  2. Boundary markers: Absent.
  3. Capability inventory: 'Bash' (system command execution), 'Read' (file system access), 'Glob', 'Grep'.
  4. Sanitization: Absent.

  A malicious codebase could contain instructions that hijack the agent's logic during the audit.
- Command Execution (HIGH): The skill explicitly allows the 'Bash' tool. While instructions specify not to modify code, the agent could be manipulated into running harmful shell commands if it encounters a prompt injection within the files it is scanning.
- Data Exposure & Exfiltration (MEDIUM): The audit procedure (Category 2) targets configuration files and data sources to assess SEO readiness. This could inadvertently lead to the exposure of sensitive credentials, environment variables, or API keys found within the audited environment if the agent's focus is misdirected.
Recommendations
- AI detected serious security threats
Audit Metadata