Gen Agent Trust Hub audit of skill: skills/namesreallyblank/clorch/test

Skill: test

Result: Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Categories: COMMAND_EXECUTION, PROMPT_INJECTION

Full Analysis
  • Indirect Prompt Injection (HIGH): The skill processes untrusted codebase content via 'Phase 0' diagnostics and 'Phase 1/2' test execution. An attacker could place malicious instructions inside project files or test cases that the agent would then interpret or execute.
  • Ingestion points: Local project directory (.) and user-defined [SCOPE].
  • Boundary markers: None. Project data is interpolated directly into sub-agent prompts.
  • Capability inventory: Execution of shell commands (tldr) and arbitrary code execution via test runners (arbiter/atlas agents).
  • Sanitization: None present; the agent is encouraged to 'fix' errors found in untrusted code paths automatically.
  • Command Execution (HIGH): The skill directly executes shell commands using the 'tldr' utility and delegates complex test execution tasks to sub-agents. Running test suites inherently involves executing arbitrary code within the project context.
  • Unverifiable Dependencies (MEDIUM): The skill relies on a tool called 'tldr' for '--project' diagnostics. This does not align with the standard 'tldr' man-page utility, suggesting a dependency on an undocumented or custom tool with high-privilege access to the filesystem.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 09:19 AM