IterativeDepth
Warn
Audited by Gen Agent Trust Hub on Jun 30, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The execution log command in
SKILL.mduses shell redirection and command substitution to record activity. The8_WORD_SUMMARYplaceholder is intended to contain agent-generated summaries of user input. If this summary contains shell metacharacters like single quotes, it could allow an attacker (via the user input) to break out of the command and execute arbitrary shell instructions. - [PROMPT_INJECTION]: The skill's workflow ingests untrusted user requests and passes them to multiple sub-agents (lenses) without boundary markers or sanitization. This establishes a surface for indirect prompt injection, where malicious instructions in the request could influence the behavior of the analysis agents.
- [DATA_EXFILTRATION]: The identified command injection vulnerability provides a potential path for data exfiltration. An attacker could craft a request that results in a summary containing a payload to transmit local environment data or files to a remote endpoint.
Audit Metadata