create-triggered-task
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- Indirect Prompt Injection (HIGH): The skill defines a workflow where user-supplied data (pipeline names, parameters, configuration) is directly used to generate Robot Framework (.robot) files.
- Ingestion points: Step 2 explicitly parses user input for parameters and configurations.
- Boundary markers: There are no instructions or markers defined to isolate user input from the script logic, making it vulnerable to injection.
- Capability inventory: The skill uses the Write tool (Step 3) to create .robot files. These files are executable in the context of a test runner and can invoke system-level commands.
- Sanitization: No sanitization or validation of the user's input is performed before it is written to the filesystem.
- Command Execution (MEDIUM): The skill is designed to generate code intended for execution. If the generated Robot Framework scripts include malicious keywords (e.g., from the 'OperatingSystem' library), they could perform unauthorized file modifications or process executions on the host system.
- Metadata Risk (LOW): Step 1 instructs the agent to read a file using a path derived from a template variable {{cookiecutter.primary_pipeline_name}}. If this variable is controlled by an untrusted source, it could potentially be used for path traversal to read unauthorized files on the filesystem.
Recommendations
- AI detected serious security threats