ux-lead
Warn
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill configuration enables the Bash tool, allowing the agent to execute arbitrary shell commands. This capability poses a risk of system compromise if the agent is influenced by malicious instructions found in processed data.
- [EXTERNAL_DOWNLOADS]: Access to the WebSearch tool enables the agent to fetch content from external websites, which could be used to retrieve malicious scripts or serve as an exfiltration vector.
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection because it processes untrusted inputs from multiple sources.
  - Ingestion points: Data enters the context via the WebSearch, Read, Grep, and Glob tools.
  - Boundary markers: The instructions lack clear delimiters or safety warnings to help the agent differentiate between its core instructions and data read from external sources.
  - Capability inventory: The agent possesses powerful tools including Bash, Write, Edit, and Task, which can be misused if the agent is compromised.
  - Sanitization: No input validation or content filtering is specified for data retrieved from the web or local filesystem before it is used to parameterize tool calls.
Audit Metadata