no-mistakes

Fail

Audited by Gen Agent Trust Hub on Jun 24, 2026

Risk Level: HIGH
Categories: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill directs the agent to construct and execute shell commands using unvalidated user input for the --intent flag. Evidence from SKILL.md: "translate that request into the matching axi run flags yourself... pass the user's task as your --intent".
  • [REMOTE_CODE_EXECUTION]: The lack of sanitization when inserting the user's task description into the shell command no-mistakes axi run --intent "<intent>" allows an attacker to execute arbitrary code via shell metacharacters like semicolons or backticks.
  • [PROMPT_INJECTION]: The skill explicitly tells the agent to use the user's goal "verbatim" and "pass it through", which encourages the agent to bypass safety reasoning regarding shell command construction and sanitization.
  • [PROMPT_INJECTION]: Indirect injection surface detected.
      1. Ingestion points: The agent reads gate: and findings objects from the output of the external no-mistakes tool.
      2. Boundary markers: None present.
      3. Capability inventory: The agent can execute shell commands and modify local files.
      4. Sanitization: No sanitization or validation of the tool's findings output is described.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Jun 24, 2026, 05:31 AM