touchdesigner
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill ingests untrusted data from the TouchDesigner environment via tools like
td_operatorsandtd_selection, and it has the capability to execute arbitrary code viatd_execute. There are no boundary markers or sanitization logic defined in the instructions to prevent data read from the environment (like operator names or DAT content) from being interpreted as instructions. - [Command Execution] (MEDIUM): The
td_executetool provides direct access to the Python interpreter within the host application. While necessary for the skill's intended functionality, it represents a high-impact execution vector that could be exploited if the agent is manipulated via prompt injection. - [Instructional Override] (LOW): The skill uses 'CRITICAL' and 'REQUIRED' markers to override the agent's pre-trained knowledge. While this is likely intended for technical accuracy, such self-referential instructions are a known pattern for steering agent behavior and bypassing general guidelines.
Recommendations
- AI detected serious security threats
Audit Metadata