creating-workflows-from-description
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill identifies and processes user-provided task descriptions without appropriate security boundaries. Evidence Chain: (1) Ingestion points: User-provided natural language descriptions (File: SKILL.md). (2) Boundary markers: Absent; user input is interpolated directly into the command string. (3) Capability inventory: Executes the
/orchestration:createtool command, which possesses write/execute capabilities. (4) Sanitization: Absent; no validation, escaping, or filtering of the user input is implemented before interpolation. - [Command Execution] (MEDIUM): The skill dynamically generates tool-level commands from raw user strings. This pattern is vulnerable to command-specific injection if the downstream orchestration tool does not properly sanitize inputs or if the input contains control characters meant to alter the tool's execution flow.
Recommendations
- AI detected serious security threats
Audit Metadata