investigate
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is designed to ingest and process untrusted external data (logs, documents, URLs, tickets) and include it "verbatim" into a research log that is later processed by sub-agents, creating an indirect prompt injection surface.
- Ingestion points: Step 1 (logs, documents, URLs, related tickets, screenshots) and Step 4 (Researcher output files).
- Boundary markers: Absent. The skill does not instruct the agent to use delimiters or specific instructions to ignore embedded commands within the ingested data.
- Capability inventory: The skill allows the use of Bash, Read, Write, and Glob tools.
- Sanitization: Absent. The instructions explicitly require including raw data verbatim, which facilitates the passage of malicious instructions from external sources into the agent's context.
- [COMMAND_EXECUTION]: The skill provides specific instructions for the agent to execute shell commands for logging purposes, specifically using the template `cat >> $LOGFILE <<'EOF' … EOF`.
- While these commands are intended for internal log management, the reliance on shell redirects with variables (like `$LOGFILE` and the topic slug) could lead to command injection if the agent does not properly validate or sanitize the input strings used to construct the file paths or shell commands.