Error Recovery
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill is vulnerable to indirect prompt injection because it processes untrusted external content and uses it to drive actions via high-privilege tools.
  1. Ingestion points: Build-error.log, test-output.log, and project source files are read using the Grep, Sed, and Read tools.
  2. Boundary markers: Absent; there are no instructions to delimit untrusted data or to ignore embedded commands.
  3. Capability inventory: The skill explicitly allows the use of the Bash, Write, and Edit tools to implement fixes.
  4. Sanitization: No sanitization or validation of the content of logs or error messages is mentioned before the agent acts upon them.
- [Command Execution] (MEDIUM): The skill relies on the execution of unverified local scripts and the unknown meta-cc utility. Evidence: Workflows reference automation scripts in the ./scripts/ directory, such as validate-path.sh and check-file-size.sh, which were not provided in the source files for security verification.
Recommendations
- AI detected serious security threats
Audit Metadata