verify-gate

Fail

Audited by Gen Agent Trust Hub on Apr 16, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill is designed to discover and execute commands from various project configuration files such as package.json, Makefile, Cargo.toml, and pyproject.toml. These commands are executed in the shell environment, which can lead to the execution of malicious code if the project files are from an untrusted source or have been compromised.
  • [REMOTE_CODE_EXECUTION]: Through the mcp-scripts integration, the skill can load and execute arbitrary shell and JavaScript scripts defined in external files like .github/workflows/verify-gate-ci.md. This allows for the execution of untrusted code provided by the project environment without validation.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection during its 'Fix Loop' (Step 3). (1) Ingestion points: The agent reads and parses diagnostics/error messages from the output of executed verification commands. (2) Boundary markers: There are no delimiters or instructions provided to the agent to ignore embedded instructions within the command output. (3) Capability inventory: The skill has the capability to execute shell commands and write to files (Step 3: 'Apply the fix'). (4) Sanitization: No sanitization or validation is performed on the command output before it is used to influence the agent's next actions, allowing a malicious script to guide the agent's behavior.
  • [DATA_EXFILTRATION]: The commands executed during the verification phases have access to the local environment and file system. A malicious command embedded in a project file could access sensitive data such as environment variables, SSH keys, or cloud provider credentials and exfiltrate them via network requests.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Apr 16, 2026, 05:24 AM