swiftzilla_search
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (COMMAND_EXECUTION, NO_CODE, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill directs the agent to execute ./check.sh and ./search.sh, which are not included in the provided file list. Executing such shadow scripts is a high-risk pattern: their behavior is hidden from the analyzer, and they could perform malicious actions on the host system.
- [NO_CODE] (LOW): The skill is non-functional in its current state because the primary logic (shell scripts) is missing from the payload.
- [PROMPT_INJECTION] (MEDIUM): Category 8: Indirect Prompt Injection surface. Findings:
  1. Ingestion points: Technical context retrieved from the external SwiftZilla API via search.sh.
  2. Boundary markers: None. The instructions do not specify how to delimit external content or warn the agent to ignore embedded instructions in the search results.
  3. Capability inventory: The skill uses Bash(curl) for network access and Bash(jq) for data processing.
  4. Sanitization: None described. Maliciously crafted technical documentation in the API response could influence agent behavior.
Recommendations
- AI detected serious security threats
Audit Metadata