incident-responder

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
PROMPT_INJECTION, NO_CODE
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The skill is designed to process untrusted external data (error logs, deployment metadata, incident reports) and perform high-impact actions like 'Fix Implementation' and 'Rollback'. This creates a critical vulnerability surface where an attacker can influence agent behavior through manipulated data.
      • Ingestion points: The skill explicitly directs the agent to analyze error logs, metrics, and deployment history (file: SKILL.md).
      • Boundary markers: Absent. There are no instructions to the agent to treat external content as data rather than instructions, nor are there any delimiters provided.
      • Capability inventory: The skill framework assumes the agent has permissions to 'Rollback', 'Increase resources', 'Disable problematic features', and 'Implement fixes'.
      • Sanitization: Absent. No logic is provided to sanitize or validate the content of the logs or reports before the agent acts upon them.
  • [No Code] (INFO): The skill contains no executable scripts or code. The security risk resides entirely in the natural language instructions and the high-privilege workflow they define.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 11:10 AM