verification-before-completion
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (HIGH): Indirect Prompt Injection Surface. The skill requires the agent to read and act upon untrusted data from command outputs and VCS diffs without providing sanitization or delimiters. Evidence Chain: 1. Ingestion points: 'READ: Full output' in the Gate Function and 'Check VCS diff' in the Agent Delegation section. 2. Boundary markers: Absent; no instructions exist to delimit or ignore instructions found within external content. 3. Capability inventory: The skill explicitly directs the agent to run execution-heavy tools like npm and tsc. 4. Sanitization: Absent; no validation or filtering of external tool output is mentioned.
- [COMMAND_EXECUTION] (MEDIUM): The skill provides the framework for executing various shell commands (e.g., npm test, npm run build, tsc). While standard for development, this execution capability can be leveraged if the agent is influenced by malicious payloads in the tool outputs it is mandated to read.
Recommendations
- AI detected serious security threats
Audit Metadata