trainer
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION)
Full Analysis
- Indirect Prompt Injection (HIGH): The skill is designed to read external, potentially untrusted content (commits and code) and use it to modify the system's instruction set (SKILL.md files).
- Ingestion points: Workflow step 2 involves reading commits and code changes from the repository.
- Boundary markers: None identified; the skill translates observations from the code directly into skill updates, with no delimiters separating untrusted content from instructions and no directive to ignore instructions embedded in that content.
- Capability inventory: Workflow step 3 grants the skill the ability to 'Edit or create SKILL.md files', which defines the behavior of AI agents, and manage 'AGENTS.md'.
- Sanitization: No validation or human-in-the-loop review process is mentioned for updating instruction files, allowing malicious code to potentially redefine system constraints.
Recommendations
- AI detected serious security threats