resonance-skill-author
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill has access to the run_command tool. The instructions in SKILL.md (Operational Sequence) suggest using it for directory generation and skill initialization, but there are no constraints preventing the execution of arbitrary and potentially malicious shell commands if the agent's logic is subverted.
- [PROMPT_INJECTION] (HIGH): The skill is specifically vulnerable to Indirect Prompt Injection (Category 8). Its primary function is to 'Understand' user intent and 'Initialize/Edit' skill files. Because it lacks input sanitization or explicit instruction boundary markers, a malicious user could provide instructions that lead the agent to write malicious scripts or bypass security protocols in the skills it generates.
- [DATA_EXPOSURE] (MEDIUM): Through the read_file and run_command tools, the agent has the capability to access sensitive local data. Since the agent's behavior is driven by user-defined 'Jobs to Be Done', it could be coerced into exposing configuration files or environment variables if not properly restricted.
Recommendations
- AI detected serious security threats
Audit Metadata