model-first-reasoning
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (HIGH): Indirect Prompt Injection vulnerability surface (Category 8).
  - Ingestion points: The skill processes untrusted user-provided problem descriptions and requirements to generate a model and subsequent code implementation.
  - Boundary markers: Absent; there are no instructions or delimiters provided to encapsulate user input or instruct the agent to ignore embedded commands within user requirements.
  - Capability inventory: The skill possesses the capability to execute subprocesses (via the Python validator) and write files to the local file system (model.json and implementation files).
  - Sanitization: Absent; the skill lacks any mechanism to sanitize or validate user input before it is incorporated into the model or used in the execution phase.
- [COMMAND_EXECUTION] (MEDIUM): The skill mandates the execution of a local script 'python scripts/validate-model.py model.json'. This execution of a script on the local machine using data influenced by untrusted external sources represents a significant security risk, especially as the contents of the validation script are not provided for auditing.
Recommendations
- AI detected serious security threats
Audit Metadata