tender-assessment
Warn
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill requires the execution of a local script,
vic_tenders_scraper.py, which is not included in the provided file package. The agent is instructed to run this script with various flags, but the underlying code is unverifiable and could execute arbitrary commands.\n- [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection (Category 8).\n - Ingestion points: In Phase 5.1, the skill uses
WebFetchto ingest the full content of tender detail pages from external URLs.\n - Boundary markers: The instructions for Phase 5.1 do not include delimiters or specific guidance for the agent to ignore instructions embedded within the fetched text.\n
- Capability inventory: The skill possesses command execution capabilities (
python vic_tenders_scraper.py) and file system access for state management (seen_tender_ids.json).\n - Sanitization: There is no defined process for sanitizing or filtering external content before it is processed by the AI to generate pursuit packages.\n- [EXTERNAL_DOWNLOADS]: The skill retrieves data from
tenders.vic.gov.au. This identifies the Victorian Government tenders portal as the primary source of external information.
Audit Metadata