project-status

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
  • PROMPT_INJECTION (HIGH): The skill is designed to perform "intelligent context analysis" by reading various files across a repository. This creates a significant surface for indirect prompt injection where an attacker could place malicious instructions in project documentation.
      • Ingestion points: The skill reads README.md, SPEC-*.md, PLAN.md, and WORKLOG files across the ideas/ directory.
      • Boundary markers: There are no delimiters or instructions to ignore embedded commands within the processed files.
      • Capability inventory: The skill is granted the Task tool, which typically allows shell command execution, alongside Read, Glob, and Grep.
      • Sanitization: No sanitization or validation of the file content is performed before analysis.
  • COMMAND_EXECUTION (LOW): The skill uses shell commands like ls, git branch, and git log to extract status information. While these are necessary for the skill's stated purpose, they represent the execution vector that could be exploited if an indirect prompt injection attack is successful.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 04:42 AM