sequential-thinking
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- PROMPT_INJECTION (HIGH): The skill is vulnerable to Indirect Prompt Injection due to the combination of high-privilege capabilities and external data ingestion.
  - Ingestion points: The skill utilizes Read and Bash tools, which ingest untrusted content from the filesystem or command outputs into the agent's reasoning process (thoughts).
  - Boundary markers: Absent. The framework does not include instructions to delimit or ignore instructions within processed data.
  - Capability inventory: The skill is granted Bash (*) (arbitrary shell access) and Write (filesystem modification) tools.
  - Sanitization: Absent. No mention of validation or filtering of content retrieved via high-privilege tools.
- COMMAND_EXECUTION (HIGH): The skill explicitly requires the Bash (*) tool. While intended for debugging and analysis, this provides an unrestricted execution environment that can be exploited if the agent's reasoning is compromised via indirect injection.
Recommendations
- AI detected serious security threats
Audit Metadata