advanced-tool-usage

Warn

Audited by Gen Agent Trust Hub on Feb 20, 2026

Risk Level: MEDIUM
Categories: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • COMMAND_EXECUTION (MEDIUM): The skill promotes using shell_execute to run system-level commands and pipe outputs (e.g., journalctl, rg), which creates a risk of command injection if the agent applies these patterns to unsanitized user or tool-generated inputs.
  • REMOTE_CODE_EXECUTION (MEDIUM): The Search-then-Process pattern encourages ingesting raw data from external search tools and processing it directly through python_execute, which can lead to the execution of malicious code or instructions embedded in third-party content.
  • DATA_EXFILTRATION (MEDIUM): The documentation includes patterns for accessing sensitive system logs via journalctl, which could be leveraged to expose internal system configurations, user activity, or security credentials.
  • PROMPT_INJECTION (LOW): [Indirect Prompt Injection Surface] The skill defines multi-stage pipelines where untrusted data from web searches or external URLs is processed by execution tools without specifying boundary markers or sanitization protocols. Evidence:
    1. Ingestion points: External data via tavily_search and read_url.
    2. Boundary markers: Absent from documentation and examples.
    3. Capability inventory: Includes shell_execute, python_execute, and redirect_tool_call.
    4. Sanitization: No mention of validation or escaping techniques.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 20, 2026, 07:49 PM