agent-army

Pass

Audited by Gen Agent Trust Hub on Apr 10, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by reading and processing external file content which is then passed to sub-agents as part of their instructions.
      • Ingestion points: Files are scanned and read during the 'Recon' phase (Step 3) to determine the scope of work and are then passed to sub-agents.
      • Boundary markers: The Layer 1 and Layer 2 prompt templates lack explicit delimiters or 'ignore embedded instructions' warnings to isolate system prompts from untrusted file data.
      • Capability inventory: Sub-agents have the ability to modify files on the local filesystem and execute project-specific build commands.
      • Sanitization: The skill does not perform sanitization on file content or metadata before including it in sub-agent prompts.
  • [COMMAND_EXECUTION]: The skill identifies and executes build commands (e.g., from package.json or Makefile) during the 'Verify' phase (Step 6). This executes arbitrary shell commands defined within the codebase being processed.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 10, 2026, 05:26 PM