table-filler

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Tags: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The skill ingests data from external sources and has write and execute capabilities.
    • Ingestion points: outline/subsection_briefs.jsonl, outline/evidence_drafts.jsonl, and outline/anchor_sheet.jsonl.
    • Boundary markers: Absent; no delimiters or instructions to ignore embedded commands in the source data are provided.
    • Capability inventory: Writing to outline/tables_index.md and executing the local script .codex/skills/table-filler/scripts/run.py.
    • Sanitization: Absent; the skill lacks any mention of escaping or validating external content before processing.
  • [Command Execution] (MEDIUM): The skill documentation includes specific commands to execute a Python script located within its own directory. While not a remote download, executing local scripts that process untrusted external files (like the evidence packs) poses a risk of command injection or unauthorized system access if the script handles those inputs insecurely.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 12:39 AM