adr-graph-easy-architect
Fail
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: HIGH
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill's setup instructions in `references/preflight-setup.md` include commands that require elevated permissions. Specifically, it uses `sudo apt install -y cpanminus` to install system packages, which constitutes privilege escalation.
- [REMOTE_CODE_EXECUTION]: The preflight setup script in `references/preflight-setup.md` performs remote code execution by piping the output of a network download directly into an interpreter: `curl -L https://cpanmin.us | mise exec perl -- perl - App::cpanminus`. This is used to install the `cpanminus` tool.
- [EXTERNAL_DOWNLOADS]: The skill automates the installation of the `Graph::Easy` Perl module and the `cpanminus` installer from external repositories during its configuration phase, as described in `references/preflight-setup.md`.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its design of processing untrusted data from external files.
  - Ingestion points: The agent is instructed to read ADR files and extract content from specific `<details>` blocks, as described in `SKILL.md` and `references/adr-embedding.md`.
  - Boundary markers: The workflow uses HTML tags (`<details>`, `<summary>`) and Markdown code blocks as delimiters, which are insufficient to prevent the agent from obeying instructions embedded within the diagram source code.
  - Capability inventory: The skill uses the `Bash` tool to execute shell commands and the `graph-easy` utility using data derived from the ingested Markdown files.
  - Sanitization: There is no evidence of validation or sanitization applied to the content extracted from files before it is passed to the execution environment.
Recommendations
- AI detected serious security threats
Audit Metadata