patent-drafter
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill instructs the agent to execute shell commands in Step 3 and Step 6 to run quality-check tools. Specifically, the command `python claim-analyzer.py ../patents/drafts/[invention-name]-claims.md` uses a variable derived from user input.
- [PROMPT_INJECTION] (HIGH): The skill is highly vulnerable to Indirect Prompt Injection. An attacker can provide an invention disclosure with a malicious name/title (e.g., `test; rm -rf / ;`) which, when interpolated into the shell command, results in arbitrary command execution.
  - Ingestion points: Invention disclosure or description (user-controlled input).
  - Boundary markers: Absent. The skill does not define delimiters or instructions to ignore embedded commands in the input data.
  - Capability inventory: Shell execution of Python scripts (`claim-analyzer.py`, `word-count.py`).
  - Sanitization: Absent. There is no validation or escaping of the `[invention-name]` variable before it is used in a shell context.
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill relies on external logic contained in `tools/claim-analyzer.py` and `tools/word-count.py`. These files are not provided in the skill package, making their behavior unverifiable and potentially dangerous if they were modified or replaced by a malicious actor.
Recommendations
- AI detected serious security threats
Audit Metadata