observability
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- EXTERNAL_DOWNLOADS (HIGH): Automated URLite scanner identified a blacklisted malicious URL within the skill package (specifically associated with main.rs). This indicates a potential connection to known malicious infrastructure or a downloader pattern.
- PROMPT_INJECTION (HIGH): (Category 8) The skill exhibits a significant surface for Indirect Prompt Injection.
  - Ingestion points: The skill specifically instructs the agent to log "Research findings" and "Unexpected findings" which are derived from untrusted external data (e.g., web scraping or file reading).
  - Boundary markers: None are present in the provided format. External content is appended directly to the logs/ai-thoughts.md file without delimiters.
  - Capability inventory: The skill possesses the capability to write directly to the local filesystem (logs/ai-thoughts.md).
  - Sanitization: There is no logic or instruction to sanitize or escape data before writing it to the log. This allows an attacker to inject markdown or control sequences that could be interpreted by the agent or a human operator viewing the logs later.
- COMMAND_EXECUTION (LOW): The skill requires the agent to perform constant file system append operations. While this is the primary feature of an observability tool, the lack of path validation and data sanitization turns this standard operation into a potential risk vector.
Recommendations
- AI detected serious security threats
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata