bat-cat
Warn
Audited by Gen Agent Trust Hub on Feb 13, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill metadata specifies the installation of 'bat' via 'brew' or 'apt'. Since the repository (sharkdp/bat) is not included in the explicitly trusted organizations or repositories list, the dependency is considered unverifiable.
- [COMMAND_EXECUTION] (LOW): The skill's primary function is to facilitate the execution of 'bat' commands in the shell for file inspection. This is the intended and documented behavior.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill enables an agent to read and process the contents of local files. This creates a vulnerability surface for indirect prompt injection where an attacker could place instructions inside a file intended for preview.
  - Ingestion points: Any file path passed to the 'bat' command as shown in the SKILL.md examples.
  - Boundary markers: None present in the instructions to separate file content from agent instructions.
  - Capability inventory: Shell execution of 'bat' to read file contents into the agent context.
  - Sanitization: None provided; the tool reads and outputs raw file content.