kpi-dash
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- Privilege Escalation (HIGH): The skill instructions explicitly use
-ExecutionPolicy Bypassto run a PowerShell script, which is a common technique used to circumvent system security settings designed to prevent unauthorized or untrusted script execution.\n- Unverifiable Dependencies (MEDIUM): The PowerShell script executes a local filetools/hvdc_ops.pythat is not provided in the skill contents. This hidden code cannot be audited for malicious behavior.\n- Indirect Prompt Injection (HIGH): The skill processes untrusted external data (data/shipments.csv,data/events.csv) and creates a report. Malicious instructions embedded within these CSV files could potentially influence the agent's behavior during or after processing.\n - Ingestion points:
data/shipments.csv,data/events.csvreferenced inSKILL.md.\n - Boundary markers: None present in the instructions or script to delimit untrusted data.\n
- Capability inventory: PowerShell command execution, Python script execution, and file writing to
reports/weekly_kpi.md.\n - Sanitization: Unknown; logic is contained within the missing
tools/hvdc_ops.pyscript.\n- Obfuscation (MEDIUM): The fail-safe instruction contains non-standard Unicode characters (以뮬단), which appears to be corrupted encoding or Mojibake of the Korean word for 'Stop/Interrupt'. This hinders clarity and could be used to hide intent.
Recommendations
- AI detected serious security threats
Audit Metadata