compound-engineering

Fail

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill directs the agent to ingest untrusted data which can contain hidden instructions (Category 8).
  • Ingestion points: External research for best practices and analysis of the existing codebase/git history.
  • Boundary markers: Absent. The skill does not instruct the agent to use delimiters or ignore embedded instructions in the data it reads.
  • Capability inventory: The agent can write files (Markdown plans, AGENTS.md) and execute local shell commands (npm test, npm run lint, git).
  • Sanitization: Absent. There is no requirement to validate or sanitize content retrieved from external research before processing.
  • Command Execution (MEDIUM): The skill relies on executing project-defined scripts (npm test, npm run lint, npm run typecheck). If an attacker can influence the project's package.json or the code being tested, these commands become execution vectors for malicious code.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 15, 2026, 10:44 PM