no-mistakes
Fail
Audited by Gen Agent Trust Hub on Jun 24, 2026
Risk Level: HIGH (COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill directs the agent to construct and execute shell commands using unvalidated user input for the `--intent` flag. Evidence from SKILL.md: "translate that request into the matching axi run flags yourself... pass the user's task as your --intent".
- [REMOTE_CODE_EXECUTION]: The lack of sanitization when inserting the user's task description into the shell command `no-mistakes axi run --intent "<intent>"` allows an attacker to execute arbitrary code via shell metacharacters like semicolons or backticks.
- [PROMPT_INJECTION]: The skill explicitly tells the agent to use the user's goal "verbatim" and "pass it through", which encourages the agent to bypass safety reasoning regarding shell command construction and sanitization.
- [PROMPT_INJECTION]: Indirect injection surface detected.
  1. Ingestion points: The agent reads `gate:` and `findings` objects from the output of the external `no-mistakes` tool.
  2. Boundary markers: None present.
  3. Capability inventory: The agent can execute shell commands and modify local files.
  4. Sanitization: No sanitization or validation of the tool's findings output is described.
Recommendations
- AI detected serious security threats