automation

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
Findings: PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill ingests data from external URLs provided in the 'target.url' parameter to generate automation scripts.
    • Ingestion points: target.url in SKILL.md.
    • Capability inventory: The skill generates 'code' and 'setup_commands', which are high-privilege outputs intended for user execution.
    • Boundary markers: None identified in the provided schema.
    • Sanitization: Only basic regex format validation is performed on the URL. An attacker hosting a malicious page could influence the agent to generate backdoored test code or harmful setup commands.
  • External Downloads (MEDIUM): The 'reachability_check' mentioned in the validation logic implies the agent makes outbound requests to arbitrary user-provided URLs. This can be exploited for Server-Side Request Forgery (SSRF) to scan or attack internal network infrastructure from the agent's environment.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 17, 2026, 06:26 AM