skill-name
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill possesses a significant attack surface for indirect prompt injection due to its file-handling capabilities. Ingestion points: untrusted data enters the agent context via
scripts/main.pyat line 61 usinginput_path.read_text(). Boundary markers: absent; the content is read directly without delimiters or instructions to ignore embedded commands. Capability inventory:scripts/main.pycontains subprocess-like file system capabilities includingoutput_path.write_text()andoutput_path.parent.mkdir(). Sanitization: absent; the script performs a direct transformation and write operation without validating or escaping the input content. - [Data Exposure & Exfiltration] (LOW): The script allows the reading of arbitrary file paths passed as command-line arguments. While intended for file processing, this provides the capability to read sensitive system files if the agent is directed to do so by a malicious actor.
Recommendations
- AI detected serious security threats
Audit Metadata