muster
Fail
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: HIGH
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill contains a "Self-Evolving Skill" section and a "Post-Execution Reflection" block that explicitly instruct the AI agent to rewrite the SKILL.md file if it identifies issues or "drifts." This creates a mechanism for persistent instruction injection, where an attacker could influence the agent to permanently alter its behavior or bypass safety constraints through self-modification.
- [COMMAND_EXECUTION]: The fallback implementation for the <loop_id> argument unsafely interpolates user-provided input into a jq filter string: `jq -r "select(.loop_id == \"$loop_id\")"`. A malicious input could break out of the string literal to execute arbitrary jq filters, potentially leaking sensitive data from the loop registry that would otherwise be filtered out.
Recommendations
- AI analysis detected serious security threats in this skill.
Audit Metadata