Confidence Check
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION] (HIGH): The documentation explicitly references 'confidence.ts' as containing the actual function implementation. Because this file is not included in the skill definition, the agent's behavior when 'executing' this logic is unverified and potentially dangerous.
- [DATA_EXFILTRATION] (MEDIUM): The check workflow involves reading local sensitive files like 'CLAUDE.md' and performing codebase searches, followed immediately by calls to external tools like Tavily and WebFetch. This creates a direct vector where sensitive internal project details can be leaked to external search providers within the query context.
- [PROMPT_INJECTION] (HIGH): The skill ingests untrusted content from the web (Check 3 and 4) to determine its confidence score. Without explicit boundary markers or sanitization logic, an attacker could poison documentation or public repositories to inject instructions that bypass the confidence threshold or influence downstream implementation logic (Indirect Prompt Injection).
- [COMMAND_EXECUTION] (LOW): The skill suggests using bash commands like grep and glob to inspect the local filesystem, which is a necessary capability for its stated purpose but contributes to the overall exposure risk.
Recommendations
- AI detected serious security threats
Audit Metadata