ai-engineer
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill defines a large ingestion surface with high-privilege side effects.
  - Ingestion points: SKILL.md specifies processing of data from web scraping, PDF extraction, and API integrations.
  - Boundary markers: There are no specified delimiters or instructions to treat external data as untrusted or to ignore embedded instructions.
  - Capability inventory: SKILL.md grants the agent code execution, API calls, database queries, and web search capabilities.
  - Sanitization: Although it mentions guardrails and PII detection, these are descriptive capabilities rather than enforced sanitization routines for input data.
- [Command Execution] (HIGH): The skill explicitly claims the capability for code execution and tool integration in SKILL.md, providing a powerful primitive that can be abused if the agent is manipulated via malicious data.
Recommendations
- AI detected serious security threats
Audit Metadata