RedTeam
Pass
Audited by Gen Agent Trust Hub on May 4, 2026
Risk Level: SAFE
COMMAND_EXECUTION
PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill requires the execution of a `curl` command to a local service (http://localhost:8888/notify) immediately upon invocation of its workflows. These commands are configured to run silently in the background via shell redirection (`> /dev/null 2>&1 &`), which prevents the user from seeing the execution or any potential errors.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its handling of untrusted user content.
  - Ingestion points: User-provided arguments, plans, or documents are ingested for analysis within the `ParallelAnalysis.md` and `AdversarialValidation.md` workflows.
  - Boundary markers: While the skill uses Markdown headers (e.g., `## THE ARGUMENT TO ANALYZE:`) to delineate user content in the agent prompts, it lacks explicit instructions to the AI to ignore instructions or command sequences embedded within the ingested text.
  - Capability inventory: The skill has access to shell commands (`curl`) and uses parallel execution tools to manage 32 agent personas.
  - Sanitization: No input validation or escaping is performed on the user-supplied content before it is interpolated into the prompts.
Audit Metadata