onboarding-agent
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [Prompt Injection] (HIGH): The skill is highly vulnerable to indirect prompt injection. 1. Ingestion points: User replies and external repository links requested in
SKILL.md. 2. Boundary markers: Absent; there are no delimiters or instructions to ignore embedded commands in external data. 3. Capability inventory: The agent is instructed to generate and execute shell commands for branch creation, environment setup, and testing inSKILL.md. 4. Sanitization: Absent; the agent does not validate or sanitize inputs before incorporating them into executable steps. - [Command Execution] (HIGH): The skill's primary call to action is to 'execute the plan,' which includes arbitrary shell commands for environment configuration and testing. This provides a direct path for executing malicious instructions if the input is manipulated.
- [External Downloads] (LOW): The skill requests external repository links in
SKILL.md, which involves the agent accessing and potentially downloading content from untrusted remote sources.
Recommendations
- AI detected serious security threats
Audit Metadata