onedrive
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
- PROMPT_INJECTION (HIGH): Vulnerable to Indirect Prompt Injection (Category 8). The skill processes untrusted content from OneDrive that could contain malicious instructions intended to hijack the agent.
  - Ingestion points: OneDrive file contents via download and search result metadata (SKILL.md).
  - Boundary markers: None. No delimiters are used to separate untrusted data from the agent's instructions.
  - Capability inventory: The skill can upload, download, and manage files, providing a high-impact surface for injection attacks (SKILL.md).
  - Sanitization: No evidence of sanitization or validation for retrieved external content is present.
- COMMAND_EXECUTION (MEDIUM): The execution pattern (Step 1 in SKILL.md) interpolates input into a shell command. If the agent escapes the JSON input string improperly, this could lead to local command injection.
- EXTERNAL_DOWNLOADS (MEDIUM): The skill is installed from an external, non-whitelisted source (refly.ai) using a custom CLI tool, representing an unverifiable dependency (README.md).
Recommendations
- AI detected serious security threats