Skills
skills/penkzhou/swiss-army-knife-plugin/knowledge-patterns/Gen Agent Trust Hub

knowledge-patterns

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGHPROMPT_INJECTION
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill facilitates the ingestion of untrusted data from PR comments into a persistent library that influences future agent actions.
  • Ingestion points: PR Review comments and files within the patterns/ directory (as referenced in SKILL.md).
  • Boundary markers: Absent. There are no defined delimiters or 'ignore' instructions to prevent the agent from obeying malicious commands embedded within PR comments.
  • Capability inventory: The fix-coordinator agent performs code modifications based on these patterns, and the knowledge-writer agent has file-write capabilities to persist patterns to the filesystem.
  • Sanitization: Absent. There is no evidence of filtering, escaping, or validating the content of PR comments before they are incorporated into the pattern library.
  • Risk: A malicious PR comment could contain hidden instructions that, once 'learned' as a pattern, could lead to automated backdoor injection or data exfiltration in subsequent automated repair tasks.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 09:00 AM