fix-grammar
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION] (HIGH): The skill possesses a significant attack surface for Indirect Prompt Injection. It is designed to read and process external file content which can contain malicious instructions. Without boundary markers or sanitization, these instructions could trigger unauthorized actions using the skill's file-system and task capabilities. • Ingestion points: The Read tool is used on file content in Step 3 of SKILL.md. • Boundary markers: None present; content is processed directly. • Capability inventory: Edit, Write, MultiEdit, and Task tools. • Sanitization: None.
- [COMMAND_EXECUTION] (MEDIUM): The use of the Task tool to launch parallel agents creates a vector where injected instructions could orchestrate broader malicious behaviors through sub-agents.
Recommendations
- AI detected serious security threats
Audit Metadata