task-start
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill allows users to specify a 'Project Directory' where it will create a new file. Since there is no logic to sanitize or validate this path, an attacker could provide paths like '../../.ssh/' to write files into sensitive locations.
- [PROMPT_INJECTION] (HIGH): This skill is vulnerable to indirect prompt injection. The user-provided 'task name' is directly interpolated into the filename and the body of the generated document. A malicious user could provide a task name containing instructions that could manipulate the agent's behavior when it later reads or processes the generated documentation file.
- [DATA_EXPOSURE] (LOW): While the skill primarily writes files, the ability to specify arbitrary paths increases the surface area for probing the file system structure.
Recommendations
- AI detected serious security threats
Audit Metadata