Skills
skills/r-sri-ram/buildmvpfast-project-docs/project-docs/Gen Agent Trust Hub

project-docs

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • Indirect Prompt Injection (HIGH): The 'Codebase Analysis' mode (Mode 2) ingests untrusted data from the local environment and processes it with high-privilege tools.
  • Ingestion points: The skill uses Read, Glob, and Grep to ingest content from project files (SKILL.md, Step 2).
  • Boundary markers: There are no delimiters or instructions to ignore embedded commands within the analyzed files, allowing malicious code comments or READMEs to override agent behavior.
  • Capability inventory: The skill grants access to Bash (command execution) and Write (file modification), which can be abused if injection occurs.
  • Sanitization: No sanitization is performed on file contents before they are analyzed for stack detection and architecture inference.
  • Command Execution (MEDIUM): The skill explicitly instructs the agent to use the Bash tool for environment exploration (tree, ls). While the intended commands are benign, the broad tool permission coupled with untrusted data ingestion creates a significant attack surface.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 12:43 PM