kommo
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION] (HIGH): The skill is vulnerable to Indirect Prompt Injection (Category 8).
- Ingestion points: Fetches untrusted data from the Kommo CRM via multiple API endpoints (leads, contacts, companies, tasks).
- Boundary markers: Absent. The skill does not use delimiters or instructions to prevent the agent from obeying commands embedded in CRM data.
- Capability inventory: The skill has significant capabilities, including network access (curl) and the ability to modify CRM data (POST/PATCH requests).
- Sanitization: None. Data from the API is processed and displayed without validation or filtering.
- [COMMAND_EXECUTION] (MEDIUM): The skill explicitly instructs the agent to use
bash -cfor all commands. Wrapping commands in a shell string with variable interpolation (e.g.,${KOMMO_SUBDOMAIN}) is a dangerous pattern that can lead to command injection if the environment variables are manipulated or contain malicious characters.
Recommendations
- AI detected serious security threats
Audit Metadata