sensei
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill uses direct string interpolation of the {skill-name} variable into shell commands such as 'cp -r tests/_template tests/{skill-name}' in SKILL.md and 'cd scripts && npm run tokens -- count plugin/skills/{skill-name}/SKILL.md' in TOKEN-INTEGRATION.md. This allows an attacker to execute arbitrary shell commands by providing a crafted skill name containing shell metacharacters like semicolons or pipes.
- [REMOTE_CODE_EXECUTION] (HIGH): The shell command injection vulnerability provides a direct path for an attacker to achieve remote code execution on the system where the agent is operating.
- [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection (Category 8) because it reads and processes the content of 'plugin/skills/{skill-name}/SKILL.md' to generate suggestions and improvements. Evidence:
  1. Ingestion points: 'plugin/skills/{skill-name}/SKILL.md'.
  2. Boundary markers: Absent.
  3. Capability inventory: 'cp', 'npm' (tests and scripts), and file system writes.
  4. Sanitization: Absent.
  This could allow malicious instructions inside a skill file to manipulate the agent's behavior during the optimization loop.
Audit Metadata