skills/q00/ouroboros/interview/Gen Agent Trust Hub

interview

Pass

Audited by Gen Agent Trust Hub on May 11, 2026

Risk Level: SAFE · COMMAND_EXECUTION · EXTERNAL_DOWNLOADS · PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands in Step 0 for version checking and updating. This includes using curl to fetch data from GitHub and running package managers like uv, pipx, and the claude CLI to upgrade components. While these actions are gated by a user prompt, they involve high-privilege operations on the local environment.
  • [EXTERNAL_DOWNLOADS]: The skill connects to the GitHub API to check for updates and facilitates the downloading of newer versions of the Ouroboros plugin and MCP server from remote repositories.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) because it processes untrusted data from multiple sources.
      1. Ingestion points: User input (initial_context), codebase files read via Read/Glob/Grep, and external web content fetched via WebFetch/WebSearch.
      2. Boundary markers: The skill does not define specific delimiters or instructions to ignore embedded commands in the data it retrieves.
      3. Capability inventory: The skill can execute shell commands (for updates), read and write files through its tools, and access the network.
      4. Sanitization: No sanitization or validation of the ingested external content is described before it is used to generate interview questions.
Audit Metadata
Risk Level: SAFE
Analyzed: May 11, 2026, 11:03 PM