product-operations
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill is granted access to the Bash tool in the YAML frontmatter. While no specific malicious commands are present in the instructions, the availability of a shell interface represents a high-privilege capability that increases the potential impact of other vulnerabilities.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its operational design. It is instructed to ingest and process untrusted external data through WebSearch and customer feedback via the /feedback-recall and /feedback-capture mechanisms.
  - Ingestion points: Web search results and customer feedback retrieved via context protocols (SKILL.md).
  - Boundary markers: The skill lacks explicit instructions for using delimiters or boundary markers to isolate untrusted data from its primary instructions.
  - Capability inventory: The agent possesses powerful capabilities including Bash command execution, file system modification (Write, Edit), and sub-agent spawning (Task) (SKILL.md).
  - Sanitization: There are no defined procedures for sanitizing, validating, or escaping external content before it is processed or interpolated into the agent's context.
Audit Metadata