working-with-aspire
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE (PROMPT_INJECTION, DATA_EXFILTRATION)
Full Analysis
- [PROMPT_INJECTION] (LOW): The skill contains behavioral steering instructions in `SKILL.md` and `mcp-integration.md` marked with 'CRITICAL' and 'ALWAYS'. These instructions direct the AI agent to prioritize Aspire-specific MCP tools over standard system commands like `curl` or `docker logs` for debugging tasks.
- [DATA_EXFILTRATION] (LOW): The `diagnostics.md` file contains a code snippet for a `/debug/env` endpoint that iterates through and returns all environment variables. While provided as a diagnostic suggestion for developers, implementing this in a production service would result in significant sensitive data exposure, since connection strings, API keys and other secrets are routinely passed to services as environment variables.
- [PROMPT_INJECTION] (LOW): The skill establishes an indirect prompt injection surface (Category 8) by instructing the agent to utilize tools that ingest untrusted data from the user's running environment.
  - Ingestion points: The `list_console_logs`, `list_structured_logs`, and `list_traces` tools fetch data directly from application outputs and telemetry streams, so anything the application (or a caller of the application) can write to a log line reaches the model.
  - Boundary markers: No delimiters or instructions to ignore embedded commands within the ingested data are provided in the skill documentation.
  - Capability inventory: The agent is granted high-privilege capabilities such as `execute_resource_command`, which allows it to start, stop, or restart application components; text planted in a log line could therefore steer the agent into invoking it.
  - Sanitization: There is no mention of filtering or sanitizing the log data before it is presented to the LLM for analysis.
Audit Metadata