explain
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill interpolates the `$TARGET` variable directly into Bash command strings using double quotes (e.g., `test -f "$TARGET"` and `tokei "$TARGET"`). This allows for command substitution attacks where a target name containing backticks or `$(...)` syntax will be executed by the shell.
- [PROMPT_INJECTION] (HIGH): High Indirect Prompt Injection risk. The skill ingests untrusted data from local files and directories (Step 1 and 2) and passes this content directly to 'Expert Agents' via the Task tool (Step 3) without boundary markers. Malicious instructions embedded in code comments within the analyzed files could hijack the sub-agent's behavior to perform unauthorized actions.
- [EXTERNAL_DOWNLOADS] (LOW): The skill references several external CLI tools (`ast-grep`, `tokei`, `rg`, `fd`). While these are common developer utilities, they are executed via the Bash tool if available. No automatic remote download or installation was detected.
Recommendations
- AI detected serious security threats
Audit Metadata