NYC

proof-of-work

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Categories: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The skill exposes a significant attack surface by requiring the agent to process untrusted data from the workspace and then act on that data with powerful tools.
  • Ingestion points: Untrusted data enters via the Read tool and Bash commands (cat, git diff) when inspecting repository files.
  • Boundary markers: Absent. The skill provides no instructions to distinguish between developer content and malicious instructions embedded in the files.
  • Capability inventory: The agent has access to Bash, Write, Edit, and Grep, enabling full system command execution and file modification.
  • Sanitization: Absent. Data read from files is directly incorporated into the agent's decision-making process for 'verification'.
  • [Command Execution] (MEDIUM): The skill explicitly permits and encourages the use of the Bash tool for verification tasks. In conjunction with the Category 8 risk, this allows an attacker to potentially execute arbitrary code by placing instructions in files that the agent is forced to 'verify'.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 10:23 AM