project-sync

Warn

Audited by Gen Agent Trust Hub on Mar 8, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it automatically ingests data from local log files to pre-fill experiment details.
  • Ingestion points: In Step 2, the agent reads files from the $CODE_ROOT/experiments/ or $CODE_ROOT/outputs/logs/ directories.
  • Boundary markers: No delimiters or safety instructions are provided to help the agent distinguish between data and potentially malicious instructions within those files.
  • Capability inventory: The skill possesses powerful tools including Bash, Write, Read, and Edit.
  • Sanitization: There is no evidence of sanitization or filtering applied to the content read from these files before it is processed by the agent.
  • [COMMAND_EXECUTION]: The skill contains a shell command injection vulnerability in Step 5 when executing Git commands. The agent runs git -C "$PAPER_ROOT" commit -m "exp: add <DATE> — <SHORT TITLE>" using the Bash tool. The <DATE> and <SHORT TITLE> variables are populated from either user input or data parsed from local log files. If these inputs contain shell metacharacters (e.g., ;, &, |), an attacker could execute arbitrary code on the underlying system.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 8, 2026, 11:08 AM