bulk-generate-concepts
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill processes untrusted data from external websites (ministry sites) and saves it to a research document that dictates the scope and content for sub-agents and PR descriptions.
- Ingestion points: Step 3 involves researching external curriculum standards from the web and extracting learning objectives and terminology.
- Boundary markers: Absent. There are no instructions to delimit the researched content or warn sub-agents to ignore embedded instructions within the research doc.
- Capability inventory: The skill possesses significant capabilities including file system writes, shell command execution (git, bun), and external platform interaction (gh pr create).
- Sanitization: None. The researched content is used directly to create branch names, commit messages, and PR bodies.
- [Command Execution] (MEDIUM): The skill executes multiple shell commands (git, gh, bun run). While these are standard for a development workflow, they are parameterized with variables derived from external research data (e.g., {subject}, {N}, {curriculum}), which could be manipulated via indirect injection.
Recommendations
- AI detected serious security threats
Audit Metadata