pre-mortem
Warn
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute a local Python utility scripts/pre-mortem.py to validate risk inventories.
- [DATA_EXFILTRATION]: The script scripts/pre-mortem.py is vulnerable to arbitrary file disclosure. Although it attempts to prevent path traversal by checking for '..' and ensuring relative paths remain within the working directory, it explicitly skips these safety checks for absolute paths. This allows the script to read any file on the filesystem that the execution environment has permissions for, potentially exposing sensitive data to the AI agent.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8).
- Ingestion points: Project descriptions, stakeholder lists, and user-provided failure reasons in SKILL.md and the inventory markdown files.
- Boundary markers: No explicit delimiters or instructions are provided to the model to ignore potential commands embedded within the project context.
- Capability inventory: The agent can run Python scripts and read local files.
- Sanitization: No validation or sanitization of the content of the risk inventory is performed.
Audit Metadata