leiloeiro-ia
Warn
Audited by Gen Agent Trust Hub on Apr 26, 2026
Risk Level: MEDIUMREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill documentation instructs the agent to execute external Python scripts such as
C:\Users\renat\skills\agent-orchestrator\scripts\scan_registry.pyandagent-orchestrator/scripts/match_skills.py. Since these scripts are not bundled with the skill, their content and security cannot be verified before execution. - [COMMAND_EXECUTION]: The skill encourages the use of CLI-based tools and local Python scripts to perform orchestration tasks. This pattern facilitates the execution of arbitrary logic on the host system based on instructions provided in the skill's markdown files.
- [PROMPT_INJECTION]: The skill is designed to ingest and analyze external auction notices ("editais") provided by users. It lacks instructions for the agent to treat this data as untrusted or use protective boundary markers, which exposes the agent to indirect prompt injection if the analyzed documents contain malicious instructions.
- Ingestion points: User-provided auction notices and lot details described in the 'Estrutura De Análise Completa' section.
- Boundary markers: None identified; user content is processed directly within the workflow steps.
- Capability inventory: The skill uses tools like
claude-codeandgemini-cliand suggests shell command execution via Python scripts. - Sanitization: No validation or escaping of external content is documented before processing.
Audit Metadata