agentlens
Fail
Audited by Gen Agent Trust Hub on Feb 14, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- PROMPT_INJECTION (HIGH): The skill exposes a significant Indirect Prompt Injection surface by directing agents to process untrusted codebase documentation. 1. Ingestion points: Files in the
.agentlens/directory, includingINDEX.md,MODULE.md,outline.md, andmemory.md. 2. Boundary markers: Absent; the skill lacks instructions to delimit or treat the input as untrusted. 3. Capability inventory: The skill is intended to guide the agent during code exploration and modification ("Check memory.md before modifying code"). 4. Sanitization: Absent; malicious instructions embedded in documentation files could lead to unauthorized code changes. - COMMAND_EXECUTION (MEDIUM): The skill prompts the agent to run an external
agentlenscommand. This poses a risk of executing unverified or malicious binaries if the tool is not from a trusted source.
Recommendations
- AI detected serious security threats
Audit Metadata