tech-article-polished-writer
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- PROMPT_INJECTION (HIGH): The skill is highly vulnerable to Indirect Prompt Injection (Category 8) as it ingests untrusted source material from users to generate technical articles.
  - Ingestion points: User-provided drafts, bullet points, or raw notes in Step 1 of the workflow.
  - Boundary markers: No delimiters or instructions to ignore embedded commands are present in the prompt template.
  - Capability inventory: The agent can write files to the outputs/ directory and execute local Python scripts.
  - Sanitization: No sanitization or validation of the input material is performed before processing.
- COMMAND_EXECUTION (HIGH): The skill instructions specify running a shell command: python scripts/validate_article.py outputs/YYYYMMDD-{topic-slug}.md. Since {topic-slug} is derived from the user-provided topic or source material, an attacker could craft a topic name containing shell metacharacters (e.g., ; or &) to execute arbitrary commands on the host system.
- Metadata Poisoning (SAFE): The description files across multiple languages (English, Japanese, Chinese, etc.) are consistent and do not contain hidden instructions or malicious patterns.
Recommendations
- AI detected serious security threats
Audit Metadata