agent-development
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill is designed to create agents that ingest untrusted external data, posing a significant security risk based on the suggested capabilities.
- Ingestion points: As seen in
examples/agent-creation-prompt.md, the generated agents (e.g.,code-quality-reviewer) are designed to read code changes and PR data which are attacker-controllable. - Boundary markers: The templates provided in
references/agent-creation-system-prompt.mddo not include any instructions for the generated agents to use delimiters or ignore instructions embedded within the data they process. - Capability inventory: The examples explicitly suggest granting these agents
WriteandEdittools while they are processing untrusted input, which could lead to unauthorized code modifications if an injection occurs. - Sanitization: No guidance is provided on sanitizing or validating external content before it is processed by the generated agents.
- Privilege Escalation (INFO): The reference file
references/permission-modes-rules.mddocuments thebypassPermissionsmode. While this is educational material, it describes a high-risk configuration that removes all system-level safety checks, which could be dangerous if implemented in the generated agents without extreme caution.
Recommendations
- AI detected serious security threats
Audit Metadata