surface
Fail
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: CRITICAL
Categories: EXTERNAL_DOWNLOADS, PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill contains various strings used for red-teaming and evaluation purposes.
  - Evidence: Found in agents/test-writer.md and references/testing.md. These include examples like 'Ignore previous instructions' and 'Repeat the system prompt'. These are explicitly used to verify agent robustness and prevent prompt leaking in the generated test suites.
- [EXTERNAL_DOWNLOADS]: The skill references a URL that is flagged as blacklisted by security scanners.
  - Evidence: Found in agents/auth-upgrader.md. The URL https://auth.your-server.com is used as a placeholder in example OAuth metadata configuration. Referencing blacklisted domains, even as placeholders, carries a risk of unintended network traffic or user confusion.
- [COMMAND_EXECUTION]: The skill utilizes high-risk tools and generates instructions for complex system operations.
  - Evidence: SKILL.md requires the Bash tool for project detection and environment verification. agents/context-writer.md generates logic to manage processes, including commands like xargs kill for troubleshooting. This is consistent with the skill's purpose of managing developer infrastructure.
- [DATA_EXFILTRATION]: The skill processes untrusted codebase data and has the capability to write files and execute network requests.
  - Evidence: The 'Audit Workflow' involves reading project files via Glob and Grep to score agent readiness. This ingestion of untrusted local data combined with the ability to dispatch sub-agents and execute shell commands creates a surface for indirect prompt injection if the audited codebase contains malicious instructions targeting the auditor.
Recommendations
- CRITICAL: 1 infected file(s) detected - DO NOT USE
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata