Skills
AGENT LAB: SKILLS
skills/trailofbits/skills/insecure-defaults/Gen Agent Trust Hub

insecure-defaults

Fail

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The skill allows the agent to ingest untrusted data from external source code and configuration files which creates a significant attack surface for indirect prompt injection.\n
  • Ingestion points: The skill utilizes Read, Grep, and Glob tools to load content from files like **/config/, **/auth/, and environment files into the agent's context.\n
  • Boundary markers: There are no explicit boundary markers or instructions to the agent to disregard natural language instructions found within the audited files.\n
  • Capability inventory: The skill allows access to the Bash tool which enables arbitrary command execution on the host system.\n
  • Sanitization: No sanitization or validation of the ingested file content is performed before the agent processes it or decides on subsequent actions.\n- [Command Execution] (HIGH): The inclusion of the Bash tool in allowed-tools provides a high-privilege execution environment. When combined with the workflow of scanning external repositories, an attacker could embed malicious commands in a file (e.g., in a comment or string) that the agent might be coerced into executing during the 'Verify' or 'Confirm' steps of its workflow.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 15, 2026, 08:39 PM