learnings-researcher
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: Risk of indirect prompt injection. The skill retrieves and distills information from external files in the 'docs/solutions/' directory. If an attacker manages to place malicious instructions within these files, the agent might inadvertently execute them while performing its research task.
- Ingestion points: Files within 'docs/solutions/' and 'docs/solutions/patterns/critical-patterns.md'.
- Boundary markers: None are specified; the instructions do not include delimiters or warnings to ignore instructions found within documentation.
- Capability inventory: Use of 'Grep' and 'Read' tools to access and search the filesystem.
- Sanitization: No explicit sanitization or instruction-ignoring logic is performed on the content retrieved from external files.
- [COMMAND_EXECUTION]: Potential for command injection via search tool patterns. The skill's strategy involves extracting keywords from user-provided feature descriptions and using them to build search patterns (e.g., pattern='title:.*email'). If the underlying 'Grep' tool executes through a system shell without proper escaping, a malicious user could provide input containing shell metacharacters to execute unauthorized commands.
Audit Metadata