auri-core
Warn
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The comparative table in section 11 contains the string '/usr/bin/bash' embedded within a currency field ('R/usr/bin/bash-99/mes'). This pattern is highly unusual for documentation and resembles techniques used to smuggle executable paths or test for command injection vulnerabilities in automated parsers.\n- [DATA_EXFILTRATION]: Section 14 discloses absolute local filesystem paths ('C:/Users/renat/skills/auri-core/' and 'C:/Users/renat/skills/amazon-alexa/SKILL.md'). This exposes the author's local username and directory structure to the agent and any connected systems.\n- [PROMPT_INJECTION]: The skill architecture is vulnerable to indirect prompt injection. \n
- Ingestion points: Untrusted user speech is ingested via 'user_speech' slots (Section 3.3).\n
- Boundary markers: None mentioned; input is passed directly to the model.\n
- Capability inventory: Uses the Anthropic API to generate responses which influence the user interaction and session state (Section 3.3).\n
- Sanitization: No evidence of input validation or escaping before interpolation into the prompt.
Audit Metadata