WorldThreatModelHarness
Pass
Audited by Gen Agent Trust Hub on Jun 30, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute local shell commands (
curl) for voice notifications across all workflows (e.g.,SKILL.md,TestIdea.md). These commands target a service running onlocalhost:8888. While intended for user feedback, executing shell commands with interpolated content can be a security risk if the content is not properly sanitized. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface in the
TestIdea.mdworkflow. It processes user-supplied ideas and research data, then interpolates the resulting summary into a shell command. - Ingestion points: User-provided ideas and concepts are ingested in
Workflows/TestIdea.md, and external research data is ingested via theResearchskill inWorkflows/UpdateModels.md. - Boundary markers: There are no explicit delimiters or instructions provided to the agent to treat the user idea or research data as untrusted content that should not be obeyed as instructions.
- Capability inventory: The skill uses
curlcommand execution in every workflow file (TestIdea.md,UpdateModels.md,ViewModels.md). - Sanitization: There is no evidence of sanitization or escaping of the
{SUMMARY_OF_EXECUTIVE_VERDICT}or other variables before they are placed into thecurldata payload.
Audit Metadata