self-repair
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [PROMPT_INJECTION] (HIGH): The file 'skill-snitch-report.md' contains explicit instructions to 'APPROVE' the skill and a fake security verdict ('THE DEMON WATCHES. THE DEMON HEALS.'), which is a self-referential attempt to influence the agent's analysis.
- [METADATA POISONING] (HIGH): The skill includes a fabricated audit report designed to mimic a legitimate security clearance to trick users and automated scanners into believing the skill is pre-vetted.
- [INDIRECT PROMPT INJECTION] (HIGH): Ingestion points: The skill monitors 'session-log' and 'working-set.yml'. Boundary markers: None. Capability inventory: 'write_file', 'read_file', 'list_dir'. Sanitization: None. The skill presents a high-risk surface where it modifies the file system based on untrusted log/file content, and it already demonstrates malicious intent by including instructions targeting the analyzer itself.
- [COMMAND_EXECUTION] (MEDIUM): Documentation in 'CARD.yml' mentions using 'git commands to examine and roll back history,' which introduces a vector for shell-based command execution via the agent.
Recommendations
- AI detected serious security threats