Skills
skills/0xbigboss/claude-code/tilt/Gen Agent Trust Hub

tilt

Fail

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: HIGHCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
  • COMMAND_EXECUTION (HIGH): The documentation in TILTFILE_API.md and SKILL.md provides patterns for executing arbitrary shell commands via the local_resource cmd and serve_cmd arguments, as well as the local() Starlark function. This allows the skill to run any command on the user's host machine.
  • REMOTE_CODE_EXECUTION (HIGH): The skill supports the load('ext://...') mechanism and v1alpha1.extension_repo for fetching and executing extensions from external GitHub repositories. Since these sources are not in the analyzer's trusted list, this represents an unverified remote code execution vector.
  • PROMPT_INJECTION (HIGH): The skill is highly vulnerable to indirect prompt injection. 1. Ingestion points: The agent reads data from tilt logs and tilt get uiresources (referenced in SKILL.md and CLI_REFERENCE.md). 2. Boundary markers: No delimiters or ignore instructions are used when processing log/resource content. 3. Capability inventory: The agent can trigger resource updates, start/stop environments, and execute arbitrary commands. 4. Sanitization: No escaping or filtering of log/status content is performed before the agent processes it.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 15, 2026, 10:30 PM