neo-team-copilot
Fail
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: HIGHDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill contains explicit instructions for the 'Incident Investigator' specialist to read and parse sensitive environment files (e.g.,
.env.sit,.env.uat,.env) using bash commands to extract database credentials. - [COMMAND_EXECUTION]: Multiple specialist agents (Developer, DevOps, Incident Investigator, QA) are provided with bash command execution capabilities to interact with the file system, compile code, and manage live systems via tools like
kubectl,psql,argocd, anddocker. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted data from external sources—including user requests, system logs, and database records—and interpolates this content into the prompts of downstream specialist agents without sanitization or protective boundary markers.
Recommendations
- AI detected serious security threats
Audit Metadata