improve
Warn
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: MEDIUM
Categories: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill relies on docs/improvements.md to define its tasks, creating an indirect prompt injection surface. An attacker who can influence the content of this file could provide malicious instructions that the agent would then attempt to implement.
  - Ingestion points: The agent reads tasks from docs/improvements.md using the Read tool.
  - Boundary markers: No specific delimiters or safety instructions are provided to the agent to treat the file content as untrusted data.
  - Capability inventory: The agent has access to the Edit, Write, and Bash tools, allowing arbitrary code modification and system command execution.
  - Sanitization: The skill does not validate or sanitize the tasks extracted from the markdown file.
- [COMMAND_EXECUTION]: The skill includes instructions and code recipes for creating background processes using Process.fork. While legitimate for the skill's purpose, this functionality can be misused to run persistent or concealed code if the task source is subverted.
- [EXTERNAL_DOWNLOADS]: The guidelines for 'External Integration' within the skill permit the installation of new Ruby gem dependencies. This enables the potential introduction of unverified third-party code into the system if the agent is directed to install malicious packages.
Audit Metadata