drawio
Warn
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The installation script
scripts/install.shusessudo apt-get installto install system-level dependencies like Graphviz on Linux, which involves executing commands with elevated privileges. - [EXTERNAL_DOWNLOADS]: The skill configuration and instructions direct the agent to download and install third-party code from the
Agents365-aiGitHub organization vianpx skills addandgit cloneoperations. - [PROMPT_INJECTION]: The skill design presents an indirect prompt injection surface as it ingests and processes potentially untrusted external data (natural language descriptions and local source code) without documented sanitization. * Ingestion points: Natural language input and local codebase files (Python, JS/TS, Go, Rust) processed by scripts like
pyimports.pyandjsimports.py. * Boundary markers: Not present; the instructions do not specify any delimiters or instructions to ignore embedded commands within the processed data. * Capability inventory: The skill utilizes theBash,Read,Write,Edit, andWebFetchtools, providing a wide range of actions that could be exploited by injected instructions. * Sanitization: There is no evidence of input validation or content escaping before the data is interpolated into the workflow.
Audit Metadata