fpf-evidence
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill creates a vulnerability surface for indirect prompt injection.
  - Ingestion points: The agent ingests user-provided claims and raw outputs from executed commands into its active context (SKILL.md).
  - Boundary markers: The skill uses markdown code blocks to encapsulate command outputs; while this provides visual structure, it does not prevent the underlying model from potentially following instructions embedded within that output.
  - Capability inventory: The agent is authorized to execute arbitrary system commands, perform benchmarks, and write data to the filesystem as part of the evidence collection process.
  - Sanitization: No sanitization, escaping, or filtering of the command outputs is specified before they are processed by the agent.
- [COMMAND_EXECUTION]: The skill is designed to facilitate the execution of commands for verification purposes. While it does not contain pre-defined malicious commands, its primary purpose is to provide a workflow for running system-level tests and recording results verbatim, which relies on the agent's internal command execution capabilities.
Audit Metadata