add-memory-trace-tags
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Tags: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): User input is used to modify critical system source code without boundary markers or strict sanitization.
  - Ingestion points: User-provided <标签名称> (Tag Name) and <描述> (Description) parameters in the main interaction flow.
  - Boundary markers: Absent; user data is directly interpolated into code templates.
  - Capability inventory: File-write access to 11 sensitive files in developtools_profiler and third_party_musl, including system hooks and memory management headers.
  - Sanitization: Relies on weak natural language constraints (e.g., 'uppercase letters and underscores') which can be bypassed by malicious input designed to break out of code syntax (e.g., closing a macro and starting a new command).
- [Command Execution] (MEDIUM): Modification of files that are subsequently compiled.
  - Evidence: The skill modifies .cpp, .h, and .proto files which the user is then instructed to compile.
  - Risk: Successful injection into these files results in arbitrary code execution on the developer's machine during the build process.
Recommendations
- AI detected serious security threats
Audit Metadata