sensei
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH (REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- REMOTE_CODE_EXECUTION (HIGH): The 'VERIFY' step in 'SKILL.md' executes 'npm test' on the test suite of the skill being audited. This allows any arbitrary code present in the target skill's tests to run with the agent's full privileges.
- COMMAND_EXECUTION (HIGH): The skill uses shell commands like 'cp -r' and 'npm run' with interpolated variables like '{skill-name}'. Without strict validation, this pattern is susceptible to command injection and path traversal.
- PROMPT_INJECTION (HIGH): The skill is vulnerable to Category 8 (Indirect Prompt Injection). It ingests untrusted content from 'SKILL.md' files (Ingestion Point) while possessing write and execute capabilities (Capability Inventory). The absence of boundary markers or sanitization logic allows malicious instructions embedded in target skill files to hijack the 'Ralph loop' improvement logic.
Recommendations
- AI detected serious security threats
Audit Metadata