verification-before-completion

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [PROMPT_INJECTION] (MEDIUM): The skill uses extremely authoritative and high-pressure language (e.g., "The Iron Law", "If you lie, you'll be replaced") designed to override the agent's default reasoning and safety protocols in favor of strict adherence to this skill's instructions. This instructional dominance can be used to coerce agents into dangerous behaviors if the verification requirements are subverted.
  • [COMMAND_EXECUTION] (HIGH): The "Gate Function" section explicitly mandates the execution of "FULL" commands to prove claims. If an agent applies this to an untrusted codebase, it may execute arbitrary malicious commands (e.g., inside a Makefile or test script) under the guise of verification.
  • [INDIRECT_PROMPT_INJECTION] (HIGH): The skill directs the agent to "READ: Full output" of commands and use it as the definitive evidence for task completion.
      • Ingestion points: SKILL.md specifies reading the full output of any verification command.
      • Boundary markers: None. The agent is not instructed to use delimiters or ignore instructions within the command output.
      • Capability inventory: The skill requires the "RUN" (command execution) capability to function.
      • Sanitization: None. The skill lacks any instructions for filtering or sanitizing the data read from command outputs, which could contain malicious prompts designed to hijack the agent during the "READ" phase.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 01:16 PM