boy-scout-rule
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- Indirect Prompt Injection (HIGH): The skill is designed to ingest and modify existing source files which are considered untrusted external data. It lacks the necessary boundary markers to prevent the agent from obeying instructions embedded within the code it is refactoring.
  - Ingestion points: Existing codebase accessed through the Read and Grep tools.
  - Boundary markers: Absent. There are no instructions for the agent to distinguish between code to be refactored and potential instructions within that code.
  - Capability inventory: Edit (file modification) and Bash (arbitrary command execution).
  - Sanitization: None. The skill does not provide mechanisms to sanitize or escape content before processing.
- Command Execution (MEDIUM): The skill grants access to the Bash tool to run verification commands (e.g., mix lint, yarn test). While these are standard development tools, an attacker could use indirect prompt injection to trick the agent into executing malicious bash scripts under the guise of 'improving' the build or test process.
Recommendations
- AI detected serious security threats
Audit Metadata