search-docs
Fail
Audited by Gen Agent Trust Hub on Jul 5, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [PRIVILEGE_ESCALATION]: The skill instructions mandate the use of
mode: "bypassPermissions"when invoking the documentation search subagent. This is an explicit attempt to override security constraints and access controls within the agent's environment. - [INDIRECT_PROMPT_INJECTION]: The skill processes external input via the
$ARGUMENTSvariable and interpolates it directly into a subagent prompt without validation or delimiters. - Ingestion points:
$ARGUMENTSvariable in SKILL.md. - Boundary markers: Absent. There are no markers to delineate user input from system instructions.
- Capability inventory: Subagent task execution with administrative/bypass permission levels.
- Sanitization: Absent. User-supplied search topics are passed to the subagent raw.
Recommendations
- AI detected serious security threats
Audit Metadata