decision-critic
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Categories: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- Prompt Injection (HIGH): The skill uses imperative, overriding language ('IMMEDIATELY invoke', 'Do NOT analyze first', 'Do NOT analyze or critique first') to force the agent to bypass its own reasoning and safety protocols. This is a classic pattern for instruction-override attacks.
- Command Execution (MEDIUM): The skill's primary function is to execute a Python module via a shell command. While the script is internal to the skill, the skill's instruction to skip any oversight makes this execution risky.
- Indirect Prompt Injection (HIGH): The skill is highly vulnerable to indirect injection because it takes untrusted decision text and passes it to a script while instructing the agent to ignore the content's safety or validity.
- Ingestion points: The <decision text> placeholder in the script invocation within SKILL.md.
- Boundary markers: None, other than standard shell single-quoting, which is insufficient against adversarial input.
- Capability inventory: Full subprocess execution via python3 -m.
- Sanitization: Absent. The skill explicitly forbids the agent from performing its own analysis/sanitization.
Recommendations
- AI detected serious security threats
Audit Metadata