thread-management
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGH
Categories: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- Prompt Injection (HIGH): Vulnerable to Indirect Prompt Injection.
  1. Ingestion points: The skill fetches untrusted data via alma threads (titles) and alma thread messages (message history).
  2. Boundary markers: No delimiters or instructions are used to isolate this external content from the agent's system prompt.
  3. Capability inventory: The agent has the powerful Bash tool and destructive commands like alma thread delete.
  4. Sanitization: There is no evidence of filtering or sanitization of the retrieved content.
- Command Execution (LOW): The skill utilizes the Bash tool for CLI interactions; while necessary for its intended functionality, this provides the mechanism for potential exploitation via prompt injection.
Recommendations
- AI detected serious security threats
Audit Metadata