vulnerability-scanner
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- PROMPT_INJECTION (HIGH): The skill is designed to ingest and analyze untrusted external data (project codebases) while possessing the high-privilege 'Bash' execution capability. This creates a critical surface for indirect prompt injection. [Ingestion points]: The agent is instructed to read project files using 'Read', 'Glob', and 'Grep' tools. [Boundary markers]: The skill lacks delimiters or explicit instructions to ignore commands found within scanned data. [Capability inventory]: The agent is granted 'Bash' access and the ability to run local scripts (security_scan.py), providing a path for unauthorized actions. [Sanitization]: There is no mention of sanitizing or escaping the content read from external projects before the agent processes it.
- COMMAND_EXECUTION (MEDIUM): The skill explicitly requests the 'Bash' tool and uses it to execute runtime scripts. This powerful capability is inherently risky when paired with an agent that interacts with external, untrusted content.
Recommendations
- AI detected serious security threats
Audit Metadata