backend-development
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGHPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill possesses a significant vulnerability surface due to its core functionality.
- Ingestion Points: Untrusted data enters the agent context via the
integrate_externalaction (which implies processing external API specifications) and through the general task descriptions provided by users or external triggers as seen inreferences/GUIDE.md. - Boundary Markers: There are no explicit delimiters or 'ignore embedded instructions' warnings defined in
SKILL.mdor the associated scripts to prevent the LLM from obeying instructions embedded within the data it is processing. - Capability Inventory: The skill has powerful 'write' capabilities, as it generates executable backend logic, API routes, and authentication implementations (
codeandfilesproperties inSKILL.md). - Sanitization: There is no evidence of content validation, escaping, or sanitization for external content before it is interpolated into the code generation process.
- Dynamic Execution (LOW): While
SKILL.mdcontains logging hooks (on_invoke,on_success) that appear to be template strings, the risk is minimized because the input parameters (action,runtime) are strictly constrained by enums in the parameter schema.
Recommendations
- AI detected serious security threats
Audit Metadata