compliance-automation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill processes external infrastructure data (referred to as a 'catalog') to identify compliance violations, which then triggers automated remediation actions. This creates a high-severity vulnerability surface.
- Ingestion points: `GDPRComplianceChecker.check_all_requirements(catalog)`, `HIPAAComplianceChecker.check_technical_safeguards(catalog)`, and `SOC2ComplianceChecker.check_trust_services_criteria(catalog)` in `SKILL.md`.
- Boundary markers: No boundary markers or 'ignore embedded instructions' warnings are present to distinguish data from potentially malicious instructions within the catalog.
- Capability inventory: `auto_remediate_compliance_violations` in `SKILL.md` includes the capabilities `revoke_excessive_permissions`, `enable_encryption`, `apply_masking`, and `execute_retention_policy`.
- Sanitization: No evidence of sanitization or validation of the input 'catalog' data before it influences remediation decisions.
- [Command Execution] (HIGH): The skill implements logic for automated administrative actions. While intended for compliance, functions like `revoke_excessive_permissions` and `execute_retention_policy` represent high-impact operations that can lead to denial of service or unauthorized access modifications if triggered maliciously through manipulated compliance reports.
Recommendations
- AI detected serious security threats
Audit Metadata