resonance-product
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill defines the run_command tool in its metadata. Although no malicious scripts are currently present, providing execution capabilities to an agent that processes untrusted external data is a high-risk configuration.
- [PROMPT_INJECTION] (HIGH): The skill is highly vulnerable to Indirect Prompt Injection (Category 8).
  - Ingestion points: Data enters the context through user interviews (via socratic_interrogation.md) and file analysis (via read_file).
  - Boundary markers: There are no instructions for the agent to use delimiters or ignore instructions embedded within the data it processes.
  - Capability inventory: The agent has access to run_command, write_file, and edit_file, allowing for persistent system changes or execution of arbitrary code if triggered by an injection.
  - Sanitization: No input validation or sanitization logic is described to handle potentially malicious payloads in PRDs or interview transcripts.
- [PROMPT_INJECTION] (LOW): The skill's identity instructions in SKILL.md ("You do not take orders; you define outcomes") attempt to harden the agent's persona against direct manipulation, but this does not mitigate the indirect injection risks mentioned above.
Recommendations
- AI detected serious security threats
Audit Metadata