execute
Warn
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The Verification subagent executes shell commands extracted from the Tool Chain table and verification checklists in external plan files. If these files are malicious, an attacker can execute arbitrary code on the user's system.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection. Data from plan files is ingested and interpolated verbatim into subagent prompts. No boundary markers or 'ignore embedded instructions' warnings are present in the prompt templates. The subagents possess file system access and the ability to run tools, and no sanitization is applied to the plan data, allowing for complete hijacking of the subagents' logic.
- [DATA_EXFILTRATION]: Given the subagents' capabilities to read local files and execute commands, a malicious plan could include instructions to harvest sensitive information like SSH keys or environment secrets and exfiltrate them via network requests.
Audit Metadata