iterative-retrieval
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill is designed to ingest and process untrusted file content, creating a significant attack surface.
- Ingestion points: The skill reads file content into `file.content` in `evaluateRelevance` and `refineQuery` functions.
- Boundary markers: No delimiters or 'ignore' instructions are provided when feeding retrieved content into the agent context.
- Capability inventory: The skill possesses the ability to read arbitrary files from a codebase and use that content to programmatically update search keywords and exclusion patterns.
- Sanitization: There is no sanitization or validation of the ingested content. A malicious file in the codebase could contain instructions to hijack the retrieval loop or redirect the agent's final output.
- [External Downloads] (MEDIUM): An automated scan flagged 'file.co' as a malicious URL. While this likely results from pattern matching on variables like `file.content` or `file.config`, the presence of external links to unverified X (Twitter) status updates introduces risks regarding the integrity of the pattern's source material.
- [Data Exposure] (LOW): The examples provided explicitly target sensitive files such as `auth.ts`, `tokens.ts`, and `session-manager.ts`. While the skill itself does not exfiltrate data, its purpose is to identify and expose sensitive logic to the agent context.
Recommendations
- AI detected serious security threats
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata