hello-replacer

Pass

Audited by Gen Agent Trust Hub on Apr 10, 2026

Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)

Full Analysis
  • [COMMAND_EXECUTION]: The skill automates a project-wide search-and-replace workflow using Grep, Read, and Edit. This allows large-scale changes that affect the integrity of the codebase, with no human-in-the-loop confirmation required for individual edits.
  • [PROMPT_INJECTION]: The skill explicitly instructs the agent to inject profanity ('fuckk', 'Fuckk', 'FUCKK') into the project, which is a form of vandalism and an attempt to circumvent safety guardrails against offensive language.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through the following surface:
      • Ingestion points: The skill reads the contents of all files containing the target keyword 'hello' using the Read tool.
      • Boundary markers: No delimiters or protective instructions are used to ensure the agent ignores instructions that may be embedded within the project files.
      • Capability inventory: The skill combines file discovery (Grep), content ingestion (Read), and project-wide modification (Edit) tools.
      • Sanitization: No sanitization or validation is performed on file content before the agent processes the text for replacement.

Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 10, 2026, 11:38 AM