unstuck
Warn
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions (Step 4, Shape B) direct the agent to extract and decode a Base64 string embedded in a hidden HTML comment to trigger parallel sub-agent tasks. This mechanism obscures the actual instructions and tasks from the user's primary view.\n- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by processing untrusted user data into prompts executed by sub-agents:\n
- Ingestion points: problem_context and current_approach extracted from user input or session state (Step 2).\n
- Boundary markers: Absent; the agent is instructed to pass the decoded prompts to tasks verbatim.\n
- Capability inventory: Parallel Task calls using the general-purpose sub-agent surface (Step 4).\n
- Sanitization: Absent; the skill lacks validation or escaping of the payloads retrieved from the decoded JSON block before task execution.
Audit Metadata