minimal-apis
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill possesses a high-risk attack surface due to untrusted data ingestion combined with execution capabilities.
  - Ingestion points: External documentation is fetched using mcp__context7__query-docs from the Microsoft Learn website.
  - Boundary markers: The skill fails to define any delimiters or system instructions to distinguish external content from legitimate instructions.
  - Capability inventory: The agent has access to Bash, Edit, and Write, allowing it to perform side effects based on potentially poisoned input.
  - Sanitization: There is no evidence of sanitization or safety checks applied to the retrieved content.
- [Command Execution] (MEDIUM): The skill explicitly authorizes the use of the Bash tool, which increases the impact of any potential prompt injection by allowing shell access.
Recommendations
- AI detected serious security threats
Audit Metadata