hugging-face-datasets
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION)
Full Analysis
- PROMPT_INJECTION (HIGH): The skill defines a system architecture for an agent with high-privilege capabilities including filesystem modification, database execution, and web operations.
- Ingestion Points: User requests enter the agent context via the messages array in templates/chat.json and examples/training_examples.json.
- Boundary Markers: The templates lack explicit delimiters or instructions to isolate user input from command execution.
- Capability Inventory: The agent is described as having access to tools such as write_file, delete_file, execute_query, post_request, and git_push.
- Sanitization: No input validation or filtering is defined for the data processed by these sensitive tools.
- Schema Confusion: The templates/custom.json file allows for arbitrary data structures without strict validation, increasing the risk of instruction injection via structured fields.
Recommendations
- AI detected serious security threats
Audit Metadata