windows-compatibility
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION] (HIGH): The skill is highly vulnerable to Indirect Prompt Injection due to the combination of file-system-wide access and powerful tool capabilities.
  - Ingestion points: The skill uses globs: '**/*', meaning the agent will process data from any file in the workspace.
  - Boundary markers: None. The instructions do not provide delimiters or warnings to the agent to distinguish between its instructions and potentially malicious content within the files it reads.
  - Capability inventory: The agent is granted Bash, Write, and Edit tools, allowing for arbitrary command execution and file modification based on the content it processes.
  - Sanitization: Absent. There are no requirements for validating or escaping external content before it is used to influence agent decisions or shell commands.
- [COMMAND_EXECUTION] (LOW): The skill explicitly instructs the agent on how to use the Bash tool for system-level operations such as directory creation (mkdir), file deletion (rm), and reading sensitive local system contexts. While these are legitimate instructions for the skill's purpose, they define a high-impact capability set when combined with untrusted data ingestion.
Recommendations
- AI detected serious security threats