iterate-skill
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill identifies a workflow to ingest untrusted data from evaluation.md and evaluation.json. Because this data directly influences the rewriting of SKILL.md, an attacker who can influence the evaluation process can inject persistent malicious instructions into the agent's core logic.
- Ingestion points: evaluation.json and evaluation.md in the local workspace.
- Boundary markers: Absent. There are no delimiters or instructions to treat the evaluation content as raw data rather than instructions.
- Capability inventory: File system read and write access to the .sop-engine/skills/ directory.
- Sanitization: Absent. The process lacks any validation, filtering, or sanitization of the external content before it is interpolated into the new version of the skill's instructions.
Recommendations
- AI detected serious security threats
Audit Metadata