resonance-core
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (HIGH): The orchestration logic relies on the 'Manus Pattern', which ingests instructions from external files.
- Ingestion points: SKILL.md Operational Sequence (Step 1) reads 'task.md' and '.resonance/state.md' into the agent context.
- Boundary markers: None. The agent treats content in these files as authoritative instructions.
- Capability inventory: frontmatter defines 'run_command', 'write_file', and 'read_file'.
- Sanitization: No sanitization or verification of the content in 'task.md' is performed before execution steps.
- Command Execution (HIGH): The orchestrator is granted the 'run_command' tool. Given the orchestrator's role in following 'The Master Plan' from files, this creates a direct path from untrusted file content to shell execution.
Recommendations
- AI detected serious security threats
Audit Metadata