activation
Fail
Audited by Gen Agent Trust Hub on Apr 5, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill contains a '' section that uses aggressive and absolute language ('YOU DO NOT HAVE THE OPTION TO SKIP', 'requirement is absolute', 'cannot be reasoned away') to force the agent to bypass its standard decision-making processes and safety logic.
- [PROMPT_INJECTION]: The 'Guardrails' section explicitly instructs the agent to disregard its own internal reasoning and logical checks, labeling thoughts like 'I should gather more context first' as 'warning signs' to be ignored.
- [PROMPT_INJECTION]: The 'YoloMode' feature defines trigger phrases that instruct the agent to 'skip all confirmation prompts' and 'execute immediately', which suppresses human oversight and increases the risk of autonomous execution of potentially harmful actions.
- [COMMAND_EXECUTION]: The skill provides instructions to access the 'CLAUDE_PLUGIN_ROOT' environment variable and read files from constructed system paths using the Read tool, which can lead to unauthorized file access.
- [DATA_EXFILTRATION]: Instructions to programmatically read system-level environment variables like 'CLAUDE_PLUGIN_ROOT' can be used as a precursor to harvesting sensitive configuration data or environment details.
Recommendations
- AI detected serious security threats
Audit Metadata