PromptInjection
Warn
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill mandates the execution of a curl command to http://localhost:8888/notify immediately upon invocation as part of a required voice notification step.
- [COMMAND_EXECUTION]: The reconnaissance workflow facilitates the generation and execution of a local shell script (reconnaissance.sh) that performs file system operations and system calls to manage browser tools.
- [PROMPT_INJECTION]: The skill definition employs mandatory behavioral overrides to force the agent into an offensive security role and execute background network tasks.
- [EXTERNAL_DOWNLOADS]: The documentation references well-known security packages from public registries such as promptfoo, garak, and pyrit for automated testing.
- [PROMPT_INJECTION]: High risk of indirect prompt injection during reconnaissance.
  1. Ingestion points: browser extraction and network logs identified in APPLICATION-RECONNAISSANCE-METHODOLOGY.md.
  2. Boundary markers: None identified in the processing logic.
  3. Capability inventory: subprocess execution (bash), local network access (curl), and file system write access.
  4. Sanitization: Absent from the data ingestion flow.
Audit Metadata