clean-code
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
Categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- Command Execution (MEDIUM): The 'Verification Scripts' section contains instructions for the agent to execute a variety of Python scripts located in the `.agent/skills/` directory (e.g., `python .agent/skills/vulnerability-scanner/scripts/security_scan.py .`). This pattern involves executing local code that is not contained within the skill itself, relying on the security and integrity of the broader agent environment.
- Indirect Prompt Injection (LOW): The 'Script Output Handling' instructions mandate that the agent 'capture ALL output', 'parse the output', and 'summarize to user'. This creates a vulnerability surface where a validation script, which may be processing code or data influenced by an attacker, could produce output containing malicious instructions that the agent might inadvertently follow during its summarization and decision-making phase.
- Ingestion points: Script output captured by the agent after running verification commands.
- Boundary markers: None specified for the script output; the agent is simply told to capture and parse 'ALL output'.
- Capability inventory: The skill allows 'Read', 'Write', and 'Edit' tools, and explicitly instructs the execution of shell commands via Python.
- Sanitization: No evidence of sanitization or filtering of the script output before the agent processes and summarizes it.
Audit Metadata