interview

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (DATA_EXFILTRATION, PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
  • [DATA_EXFILTRATION] (HIGH): The skill takes the input $1 and, if it appears to be a path, uses the Read tool to access the file without any validation. This allows an attacker to supply paths to sensitive files such as SSH keys, configuration files, or system databases.
  • [PROMPT_INJECTION] (HIGH): The skill is susceptible to indirect prompt injection because it processes untrusted content (from a file or raw text) and uses it to guide the agent's behavior during a long-running interview process that concludes with file writing.
      1. Ingestion points: File content or raw text input from the $1 argument.
      2. Boundary markers: None present.
      3. Capability inventory: File read, file write, and bash shell execution.
      4. Sanitization: None.
  • [COMMAND_EXECUTION] (MEDIUM): The skill explicitly instructs the agent to execute the bash date command. While the specific command is low risk, the pattern of using shell execution for file management logic in a workflow involving untrusted input increases the overall attack surface and risk of command injection.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 09:22 AM