IterativeDepth

Warn

Audited by Gen Agent Trust Hub on Jun 30, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The execution log command in SKILL.md uses shell redirection and command substitution to record activity. The 8_WORD_SUMMARY placeholder is intended to contain agent-generated summaries of user input. If this summary contains shell metacharacters like single quotes, it could allow an attacker (via the user input) to break out of the command and execute arbitrary shell instructions.
  • [PROMPT_INJECTION]: The skill's workflow ingests untrusted user requests and passes them to multiple sub-agents (lenses) without boundary markers or sanitization. This establishes a surface for indirect prompt injection, where malicious instructions in the request could influence the behavior of the analysis agents.
  • [DATA_EXFILTRATION]: The identified command injection vulnerability provides a potential path for data exfiltration. An attacker could craft a request that results in a summary containing a payload to transmit local environment data or files to a remote endpoint.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 30, 2026, 03:33 PM
Security Audit — agent-trust-hub — IterativeDepth