project-bro
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICAL (EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- External Downloads (CRITICAL): Automated scanner (URLite) detected a blacklisted malicious URL within the requirements.md file (URL:Blacklist|UR4EFAFDCAD26E3E52-0200|urlb). This file is a primary source of information for the skill, and reading it could lead to the agent or user interacting with a known malicious domain.
- Indirect Prompt Injection (LOW): The skill is vulnerable to indirect prompt injection (Category 8) because it ingests untrusted documentation files without sanitization or explicit boundary instructions.
  - Ingestion points: project/docs/specs/requirements.md, project/docs/roadmap.md, project/docs/discovery-brief.md, and other project files.
  - Boundary markers: Absent. There are no instructions to the agent to distinguish between its own logic and the instructions contained within the project files.
  - Capability inventory: The skill uses list_dir, view_file_outline, and grep_search to read files. It can also use project-specific MCP tools (e.g., mcp_<project-name>_*) and delegate tasks to other specialized skills.
  - Sanitization: Absent. No filtering or validation of document content is performed before processing.
Recommendations
- AI detected serious security threats
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata