investigate
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill explicitly allows the Bash tool. While the provided instructions use it for harmless directory listings, the permission itself allows for any shell command, posing a significant risk of privilege escalation or system compromise.
- [DATA_EXFILTRATION] (HIGH): The toolset includes both local file reading (Read, Grep) and external network access (WebFetch, WebSearch). This creates a high-risk vector where an agent could be manipulated into reading sensitive files (e.g., credentials) and transmitting them to a remote server.
- [PROMPT_INJECTION] (LOW): The skill is vulnerable to indirect prompt injection via the files it investigates.
  1. Ingestion points: Reads all files in the target codebase and the llmdoc/ directory via the Read, Grep, and Glob tools.
  2. Boundary markers: No delimiters or protective instructions are used to separate untrusted file content from the agent's core instructions.
  3. Capability inventory: High-impact tools including Bash and WebFetch are available and could be triggered by instructions embedded in the analyzed data.
  4. Sanitization: None. File content is processed as-is without validation.
Recommendations
- AI detected serious security threats
Audit Metadata