requirements-analyst

Fail

Audited by Gen Agent Trust Hub on Feb 25, 2026

Risk Level: CRITICAL
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill requests the Bash tool in its frontmatter, allowing the agent to execute arbitrary system commands. This provides a significant attack surface for host compromise.
  • [PROMPT_INJECTION]: Automated URLite scans have flagged product.md and requirements.md as malicious. These files are explicitly required reading for the agent to determine its operational context (Project Memory), meaning the agent's behavior is guided by content identified as dangerous.
  • [PROMPT_INJECTION]: The skill design is susceptible to Indirect Prompt Injection (Category 8).
    1. Ingestion points: The agent reads various Markdown files from the steering/ directory to gain project context.
    2. Boundary markers: The instructions lack delimiters or constraints to prevent the agent from obeying embedded malicious commands within these files.
    3. Capability inventory: The agent has Read, Write, Edit, and Bash tools.
    4. Sanitization: No input validation or filtering is performed on the data read from the steering documents.
Recommendations
  • AI detected serious security threats
  • Contains 2 malicious URL(s) - DO NOT USE
Audit Metadata
Risk Level: CRITICAL
Analyzed: Feb 25, 2026, 09:52 PM