RedTeam: Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE (findings: COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands via `curl` to send status notifications to a local endpoint (http://localhost:8888/notify) in `SKILL.md`, `Workflows/AdversarialValidation.md`, and `Workflows/ParallelAnalysis.md`.
- [PROMPT_INJECTION]: The workflow design presents an attack surface for indirect prompt injection by processing untrusted user content through a multi-agent pipeline.
  - Ingestion points: User-provided arguments and problem descriptions in `Workflows/ParallelAnalysis.md` and `Workflows/AdversarialValidation.md` are decomposed and passed to 32 parallel sub-agents.
  - Boundary markers: The agent prompt templates in `Workflows/ParallelAnalysis.md` use Markdown headers (e.g., `## THE ARGUMENT TO ANALYZE`) and uppercase instruction blocks to delimit instructions from data.
  - Capability inventory: The skill possesses command execution capabilities (`curl`) for notification purposes.
  - Sanitization: No explicit sanitization or filtering of user-provided content is performed before it is interpolated into sub-agent prompts.
Audit Metadata