WorldThreatModelHarness

Pass

Audited by Gen Agent Trust Hub on Jun 30, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute local shell commands (curl) for voice notifications across all workflows (e.g., SKILL.md, TestIdea.md). These commands target a service running on localhost:8888. While intended for user feedback, executing shell commands with interpolated content can be a security risk if the content is not properly sanitized.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface in the TestIdea.md workflow. It processes user-supplied ideas and research data, then interpolates the resulting summary into a shell command.
  • Ingestion points: User-provided ideas and concepts are ingested in Workflows/TestIdea.md, and external research data is ingested via the Research skill in Workflows/UpdateModels.md.
  • Boundary markers: There are no explicit delimiters or instructions provided to the agent to treat the user idea or research data as untrusted content that should not be obeyed as instructions.
  • Capability inventory: The skill uses curl command execution in every workflow file (TestIdea.md, UpdateModels.md, ViewModels.md).
  • Sanitization: There is no evidence of sanitization or escaping of the {SUMMARY_OF_EXECUTIVE_VERDICT} or other variables before they are placed into the curl data payload.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 30, 2026, 03:33 PM
Security Audit — agent-trust-hub — WorldThreatModelHarness