Leavn Ops
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill is designed to process external, untrusted content including App Store reviews, user interview notes, and git commit messages. Because the skill is also granted the 'Bash' and 'Edit' tools, there is a high risk that malicious instructions hidden within that external data could be executed by the agent.
  - Ingestion points: Processes git commits (Changelog generation), user reviews (Sentiment analysis), and user interviews (Synthesis) as specified in SKILL.md.
  - Boundary markers: No delimiters or 'ignore embedded instructions' warnings are present to separate instructions from data.
  - Capability inventory: Access to 'Bash' (command execution) and 'Edit' (file modification) allows for significant system impact.
  - Sanitization: No input sanitization, validation, or filtering logic is mentioned or implemented.
Recommendations
- AI detected serious security threats