guided-config
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- PROMPT_INJECTION (MEDIUM): The skill is susceptible to Indirect Prompt Injection because it is designed to ingest and follow instructions from external documentation URLs provided by the user.
- Ingestion points: Step 1 explicitly requests the user to provide URLs for existing docs/guides to follow.
- Boundary markers: Absent. There are no instructions to the agent to treat external content as untrusted or to ignore embedded commands.
- Capability inventory: Although the agent cannot execute tools directly, it generates shell commands (`sudo apt-get`) and system file modifications (`/etc/config/file.conf`) for the user to perform.
- Sanitization: None. The agent does not validate the safety of instructions found at external URLs before presenting them as the 'successful path' in documentation.
- COMMAND_EXECUTION (LOW): The skill frequently suggests high-privilege commands (e.g., using `sudo`). While the user must manually execute these, the agent acts as a high-trust source that could be manipulated into suggesting harmful commands if it parses a malicious guide.
- INFO: The automated scanner alert for `file.co` is identified as a false positive. The string occurs as a substring within the example path `/etc/config/file.conf` and does not represent a connection to a malicious domain.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata