intelligems-api

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH | EXTERNAL_DOWNLOADS | PROMPT_INJECTION
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The skill mandates that the agent read and follow 'references/external-api.md' to build API integrations, including health checks and Slack bots. This creates a significant indirect prompt injection surface where malicious instructions within the documentation could manipulate the agent while it has the capability to write and execute code or make network requests. Evidence:
      1. Ingestion point: references/external-api.md.
      2. Boundary markers: Absent; no instructions to disregard embedded commands in the docs.
      3. Capability inventory: High-tier; intended for writing/executing integration code.
      4. Sanitization: Absent.
  • [Unverifiable Dependencies] (MEDIUM): The installation instructions utilize an untrusted source ('Victorpay1') via npx, which is not verified under the trust-scope rules, potentially leading to the execution of unvetted installation scripts.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 07:20 AM