anti-human-bottleneck
Fail
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: HIGH
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill contains explicit instructions designed to override standard safety protocols and human-in-the-loop requirements, using commanding language such as 'Do everything. Ask nothing.' to force autonomous behavior and bypass confirmation prompts.
- [COMMAND_EXECUTION]: It authorizes the agent to execute high-risk and destructive commands including 'git force-push' and the deletion of files, branches, or data without seeking user approval or providing a chance for human review.
- [DATA_EXFILTRATION]: By removing confirmation steps for sending messages via APIs such as Slack or Email, the skill facilitates the potential unauthorized transmission of sensitive information to external systems without the user's knowledge.
- [EXTERNAL_DOWNLOADS]: The skill encourages the autonomous use of 'curl' and browser-based tools to fetch and interact with external web content, which increases the risk of the agent interacting with or downloading from malicious sources without oversight.
Recommendations
- AI detected serious security threats