agent-dev-coder
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its integration with web-searching and web-fetching tools.
- Ingestion points: The agent ingests data from external sources using tools like mcp__brave__brave_web_search and WebFetch.
- Boundary markers: The instructions lack explicit delimiters or instructions to ignore embedded commands within processed external data.
- Capability inventory: The agent has broad permissions including Bash execution, file modification (Write, Edit, MultiEdit), and specialized coding tools like NotebookEdit.
- Sanitization: There is no evidence of input validation or sanitization for data retrieved from the web before it is processed or used in terminal commands.
- [COMMAND_EXECUTION]: The skill utilizes the Bash tool to perform build and test operations as part of its core mandate. While intended for legitimate development tasks, this provides a mechanism for arbitrary command execution if the agent is misled by malicious external input or poisoned project files.
- [EXTERNAL_DOWNLOADS]: The skill incorporates WebFetch and Brave Search capabilities, allowing it to retrieve and process content from remote URLs and search results.
Audit Metadata