create-todos
Fail
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: HIGH | COMMAND_EXECUTION | DATA_EXFILTRATION | PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill explicitly directs the agent to use `sed -i` and `awk` for in-place file modifications. These commands are populated with data from external sources such as 'security findings' or 'code review' results. This pattern facilitates command injection or malicious code insertion if an attacker can influence the findings used by the agent.
- [DATA_EXFILTRATION] (LOW): The skill performs broad codebase analysis using `git diff` and `grep`, and reads various project documentation files for context, granting the agent extensive read access to the repository.
- [PROMPT_INJECTION] (LOW): The skill exhibits an indirect prompt injection surface (Category 8). (1) Ingestion points: README.md, CONTRIBUTING.md, and outputs from other tools. (2) Boundary markers: Absent. (3) Capability inventory: sed and awk file modification. (4) Sanitization: The instructions do not specify any sanitization of external content before it is interpolated into shell commands.
Recommendations
- AI detected serious security threats