basecamp
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [PROMPT_INJECTION] (HIGH): The skill has a significant vulnerability surface for Indirect Prompt Injection (Category 8). It retrieves external, potentially attacker-controlled content from Basecamp and processes it with an agent that has sensitive write capabilities.
  * Ingestion points: Commands such as basecamp message, basecamp doc, and basecamp campfire retrieve content from a shared collaboration platform.
  * Boundary markers: Absent. The skill provides no instructions or delimiters to help the agent distinguish between data and instructions within retrieved content.
  * Capability inventory: The skill allows the agent to execute high-impact actions like basecamp project-access --grant and basecamp upload.
  * Sanitization: None. The skill performs no filtering or escaping of content retrieved from Basecamp.
- [COMMAND_EXECUTION] (MEDIUM): The skill relies on executing an external CLI tool named basecamp. While the skill does not download the binary itself, it assumes the presence of a trusted local installation and lacks any mechanism to verify the integrity or source of the binary it invokes.
Recommendations
- AI detected serious security threats