intelligems-test-verdict

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • Persistence Mechanisms (HIGH): Step 6 provides an optional automation feature that creates a macOS LaunchAgent via 'setup_automation.sh'. This establishes a persistent foothold for daily execution on the user's system.
  • Indirect Prompt Injection (HIGH): The skill processes data from the Intelligems API to generate human-readable verdicts. Malicious data from the API could influence agent behavior or reasoning.
      • Ingestion points: Data fetched from Intelligems API by 'verdict.py'.
      • Boundary markers: None identified in instructions.
      • Capability inventory: Subprocess execution (python3), file-write operations (.env), and network communication (Slack webhooks).
      • Sanitization: No evidence of sanitization for external content.
  • Data Exposure & Exfiltration (HIGH): The skill handles an 'INTELLIGEMS_API_KEY' stored in a local '.env' file and requests a Slack webhook URL. While storage is local, the execution of scripts with network access creates a significant exfiltration surface.
  • Command Execution (MEDIUM): The workflow involves frequent execution of bash commands and local Python scripts ('verdict.py', 'setup_automation.sh'). While functional, this execution model combined with external data ingestion increases the attack surface.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 04:00 AM