cesium-expert
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION)
Full Analysis
- Indirect Prompt Injection (HIGH): The skill ingests untrusted user content and possesses high-privilege file system capabilities.
  - Ingestion points: User questions provided via the $ARGUMENTS parameter in SKILL.md.
  - Boundary markers: No explicit delimiters or instructions are provided to the agent to distinguish between its internal logic and potentially malicious embedded instructions in user data.
  - Capability inventory: The skill is explicitly allowed the Read, Write, Glob, and Grep tools in SKILL.md, allowing for file modification and data exposure.
  - Sanitization: There is no evidence of input validation or content filtering for user-supplied implementation requests.
Recommendations
- AI detected serious security threats
Audit Metadata