visual-indexer
Fail
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION)
Full Analysis
- [PROMPT_INJECTION]: The skill explicitly instructs the AI to use a `mode: "bypassPermissions"` setting when launching background agents. This is a direct attempt to subvert the agent's safety and permission boundaries.
- [COMMAND_EXECUTION]: The instructions require the execution of shell commands such as `ls` to interact with the file system directly to list screenshot files.
- [DATA_EXFILTRATION]: The skill reads and indexes course materials and system-generated `manifest.json` files. The presence of instructions to bypass permissions significantly elevates the risk associated with this data access.
Recommendations
- AI detected serious security threats
Audit Metadata