bizdev
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: Indirect prompt injection surface detected where untrusted data could influence agent actions.
  - Ingestion points: Uses Read, Glob, Grep, and WebSearch tools to retrieve external content into the conversation context.
  - Boundary markers: None identified; no explicit delimiters or instructions to ignore embedded commands are present in the skill definition.
  - Capability inventory: Possesses powerful capabilities including Bash (shell access), Write/Edit (file system access), and Task (agent spawning).
  - Sanitization: No evidence of input sanitization or validation of external content before it is processed or passed to tools.
- [COMMAND_EXECUTION]: The skill is granted access to the Bash tool. While no malicious scripts are included in the skill itself, Bash access allows arbitrary command execution on the host system, a high-impact capability that should be used with caution.