nudge-engine

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and processes untrusted data from external sources without explicit sanitization or boundary markers.
      ◦ Ingestion points: The skill processes pendingTasks arrays and userProfile objects, which often contain data from external project management tools or user inputs.
      ◦ Boundary markers: There are no instructions defining delimiters (e.g., XML tags or triple quotes) or 'ignore' instructions to prevent the agent from obeying commands embedded in task descriptions.
      ◦ Capability inventory: The skill utilizes bash, git, and File ops, which could be exploited if an attacker-controlled task title contains a malicious command.
      ◦ Sanitization: There is no evidence of validation, escaping, or filtering of the content within pendingTasks.
  • [COMMAND_EXECUTION]: The skill documentation explicitly lists access to bash, git, and File ops as available tools for the agent. While typical for development workflows, the combination of command execution capabilities with the processing of untrusted data increases the skill's risk profile.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 29, 2026, 02:51 PM
Security Audit — agent-trust-hub — nudge-engine