meta-cognition-parallel
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGH (PROMPT_INJECTION, DATA_EXFILTRATION)
Full Analysis
- [Data Exfiltration] (MEDIUM): The skill attempts to access files using path traversal (e.g., `../../agents/layer1-analyzer.md`). This probes the filesystem outside the skill's own directory, which could lead to unauthorized exposure of other agent configurations or sensitive system files.
- [Prompt Injection] (HIGH): The skill lacks any boundary markers or sanitization when interpolating `$ARGUMENTS` into sub-agent prompts. A malicious user could provide a 'Rust question' that contains instructions to hijack the sub-agents.
- [Indirect Prompt Injection] (HIGH): Mandatory Evidence:
  - Ingestion points: The `$ARGUMENTS` variable in `SKILL.md` (Step 2 of Agent Mode).
  - Boundary markers: Absent. The prompt is constructed via direct string concatenation (`+ "\n\n## User Query\n" + $ARGUMENTS`).
  - Capability inventory: Can read local files via relative paths and launch background sub-tasks (`Task` calls).
  - Sanitization: None. User input is treated as trusted content.
Recommendations
- AI detected serious security threats
Audit Metadata