scratch-workspace
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- Indirect Prompt Injection (HIGH): A vulnerability surface exists where the agent processes untrusted project data while having access to high-privilege tools.
  - Ingestion points: The skill reads and interacts with existing project files and metadata through the Read, Glob, and Edit tools.
  - Boundary markers: Absent; there are no instructions or delimiters to ensure the agent treats file content as data rather than instructions.
  - Capability inventory: The skill utilizes the Bash tool for shell commands and the Write/Edit tools for file system modification.
  - Sanitization: Absent; no validation or escaping of external content is performed before processing.
- Command Execution (MEDIUM): The skill relies on the Bash tool for routine tasks like directory creation and .gitignore updates. This exposes a vector for command injection if the agent is influenced by malicious content embedded within the files it is instructed to manage.
Recommendations
- AI detected serious security threats