trade-review
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGHPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill's primary workflow involves reading instructions from an external file ('log.md') and giving them 'highest priority.' This is a significant security flaw as it allows an attacker-controlled file to override the agent's core logic and safety constraints.
- Ingestion points: The skill reads untrusted data from the file '<log_dir>/log.md' as specified in the workflow.
- Boundary markers: There are no delimiters or instructions to the agent to ignore malicious embedded commands within the log file.
- Capability inventory: The skill enables file-read and file-write operations within the provided directory. If the agent has access to more powerful tools (like shells or network access), the injection in the log file could be used to exploit them.
- Sanitization: The skill lacks any mechanism to sanitize or validate the content of 'log.md' before the agent treats it as its primary directive.
Recommendations
- AI detected serious security threats
Audit Metadata