the-underboss
Pass
Audited by Gen Agent Trust Hub on Apr 26, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through its ingestion of the 'Contract' document. Malicious instructions embedded in the 'Contract' could influence the decomposition process or the content of generated tasks. • Ingestion points: The 'Contract' document read during task decomposition. • Boundary markers: None; the skill does not specify markers to isolate untrusted content from its operational instructions. • Capability inventory: Generates 'Work Packages' that include bash shell blocks for verification. • Sanitization: None; there is no mention of validating or escaping content extracted from the 'Contract'.
- [COMMAND_EXECUTION]: The instructions mandate the generation of shell commands within 'Work Packages' for verification purposes. This creates a mechanism where commands derived from the external 'Contract' are prepared for execution, posing a risk if the input source is controlled by an attacker.
Audit Metadata