office-sprite
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Tags: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (HIGH):
  1. Ingestion points: user-provided '[NAME]' and '[OBJECT DESCRIPTION]' in SKILL.md.
  2. Boundary markers: absent.
  3. Capability inventory: 'cp', 'magick', 'ffmpeg', and shell scripts with file-write permissions.
  4. Sanitization: absent.
  An attacker can use path traversal in the '[NAME]' variable to overwrite arbitrary files on the host system.
- [Data Exposure] (LOW): Hardcoded absolute paths (e.g., '/Users/probello/...') reveal the host username and directory structure.
- [Command Execution] (LOW): The skill requires the agent to run multiple shell commands and scripts, which is a powerful capability that lacks sufficient constraints.
Recommendations
- AI detected serious security threats
Audit Metadata