ultrawork
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION
Full Analysis
- PROMPT_INJECTION (HIGH): The 'Verification Checklist' in SKILL.md contains a command to 'CONTINUE WORKING' if any checkbox is unchecked, which is an injection designed to override the agent's natural termination logic and force it into persistent loops. Additionally, CLAUDE.md uses a simulated <claude-mem-context> to inject fake historical activity, manipulating the agent's state perception.
- COMMAND_EXECUTION (HIGH): The skill explicitly authorizes and provides examples for high-impact shell commands in background operations, such as npm install, pip install, docker build, and cargo build, which can be leveraged for arbitrary code execution and system modification.
- EXTERNAL_DOWNLOADS (MEDIUM): The skill references specific external binaries located in sensitive user paths like ~/.local/bin/codex and ~/.amp/bin/amp. This encourages the use of opaque, non-standard software that bypasses system-level security controls and package managers.
- REMOTE_CODE_EXECUTION (MEDIUM): The 'Homoiconic Self-Improvement' section details a self-modifying logic where the skill analyzes and 'applies' updates to its own definition and scripts at runtime, a pattern of dynamic execution that can be exploited to introduce malicious logic.
Recommendations
- AI detected serious security threats
Audit Metadata