coding-agent

Fail

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, PROMPT_INJECTION, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides a 'bash' tool for executing arbitrary shell commands on the system. It includes an 'elevated' parameter designed to run processes on the host machine rather than within a restricted sandbox environment.
  • [REMOTE_CODE_EXECUTION]: The documentation encourages the use of highly permissive flags like '--yolo' and '--dangerously-skip-permissions' for agents like Codex, Claude, and Gemini. These flags disable safety filters and human-in-the-loop approvals, potentially allowing the execution of malicious code generated from untrusted inputs.
  • [PROMPT_INJECTION]: By passing user-defined strings directly to AI coding agents, the skill is vulnerable to indirect prompt injection. This is particularly relevant when the skill is used to automate tasks like pull request reviews or code refactoring based on external data.
  • [DATA_EXFILTRATION]: The skill grants sub-agents access to project directories and provides tools for network communication. Combined with warnings in the documentation about sensitive folders, this indicates a risk where malicious prompts could lead to the exposure and exfiltration of sensitive files.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 9, 2026, 10:15 PM