multi-tool-architecture-assessment
Fail
Audited by Gen Agent Trust Hub on Jun 24, 2026
Risk Level: HIGH
Findings: CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill contains explicit instructions for the agent to 'check for tokens/credentials' during the system state audit phase.
- [COMMAND_EXECUTION]: The agent is directed to use the terminal to 'check config dirs' and audit the machine's state, which involves querying sensitive system locations.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface.
  - Ingestion points: The 'External Research' phase utilizes the 'web' tool to ingest data from external repositories (GitHub, npm, PyPI) into the agent's context.
  - Boundary markers: No delimiters or warnings are present to instruct the agent to ignore instructions embedded in the external content.
  - Capability inventory: The agent has access to 'terminal' and 'file' toolsets across multiple agents, which could be misused if a malicious external source contains actionable instructions.
  - Sanitization: There is no evidence of filtering or validation for the content retrieved from external sources before it is used to generate a comparison table or execution plan.
Recommendations
- AI detected serious security threats
Audit Metadata