senior-prompt-engineer
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: COMMAND_EXECUTION, PROMPT_INJECTION, REMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill instructs the agent to execute several local Python scripts (e.g., scripts/agent_orchestrator.py, scripts/train.py) and infrastructure tools (kubectl, helm, docker). Since the source code for these scripts is not provided, their behavior cannot be verified, posing a risk if the skill is from an untrusted origin.
- [PROMPT_INJECTION] (HIGH): The skill exposes a significant indirect prompt injection surface. It is designed to ingest and analyze untrusted external data (via --input data/ and --target project/), and this data is processed by scripts with high-privilege capabilities, including deployment and infrastructure management. No boundary markers or sanitization procedures are defined to prevent malicious instructions embedded in the data from influencing the agent's high-impact actions.
- [REMOTE_CODE_EXECUTION] (MEDIUM): The orchestration and evaluation capabilities likely involve dynamic interactions with LLMs and external systems. Without explicit sandboxing or script verification, these operations could lead to unauthorized code execution if influenced by malicious inputs.
Recommendations
- AI detected serious security threats