cost-guard

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, NO_CODE, PROMPT_INJECTION
Full Analysis
  • COMMAND_EXECUTION (HIGH): The SKILL.md instructions call for 'powershell -ExecutionPolicy Bypass', a common technique for overriding the host's PowerShell execution policy so that unsigned scripts can run.
  • NO_CODE (HIGH): The core logic script 'tools/hvdc_ops.py' is referenced in 'run.ps1' but is not included in the provided files. This prevents verification of whether the skill performs dangerous actions such as network exfiltration or unauthorized file system modifications.
  • PROMPT_INJECTION (HIGH): The skill creates a high-severity indirect prompt injection surface. (1) Ingestion points: 'data/invoice_lines.csv' and 'data/standard_rates.csv' are processed by the skill. (2) Boundary markers: No delimiters or instructions to ignore embedded commands are present. (3) Capability inventory: The skill has full command execution (via PowerShell) and file-writing capabilities. (4) Sanitization: Unverifiable as the script source is missing. An attacker could embed instructions in the CSV files to exploit the execution environment or subsequent agent interactions.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 12:50 PM