pseo-metadata

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
  • [PROMPT_INJECTION] (HIGH): High risk of Indirect Prompt Injection (Category 8). The skill instructions guide an agent to process external data fields to generate files and metadata.
      • Ingestion points: Data enters the agent's context via the PageData structure and getPageData function, which are sourced from external pSEO content models (referenced as pseo-data).
      • Boundary markers: There are no instructions defining delimiters or boundary markers to separate untrusted data from the agent's control logic.
      • Capability inventory: The skill explicitly allows Bash, Write, and Edit tools, giving the agent the ability to modify the filesystem and execute shell commands.
      • Sanitization: The skill contains no requirements or logic for sanitizing or validating the input data before it is used in file generation or command execution.
  • [COMMAND_EXECUTION] (HIGH): The inclusion of the Bash tool in allowed-tools represents a significant security risk. If an attacker manages to inject malicious instructions into the PageData fields, the agent could be manipulated into executing arbitrary shell commands with the privileges of the environment in which it is running.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 07:54 AM