skill-finder-cn
Warn
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script 'scripts/search.sh' is vulnerable to command injection because it directly interpolates the $QUERY variable into a shell command. Although the variable is wrapped in double quotes, an attacker can escape the quoted context by providing input containing quotes and shell metacharacters (e.g., "; touch /tmp/pwned #"), leading to arbitrary code execution.
- [PROMPT_INJECTION]: This skill presents an indirect prompt injection surface as it takes arbitrary user-provided task descriptions and passes them to a vulnerable shell script. Ingestion points: The query argument in 'scripts/search.sh'. Boundary markers: None present. Capability inventory: The skill has the ability to execute subprocesses via the 'clawhub' binary and the bash environment. Sanitization: No input validation or shell escaping is implemented for the search terms.
Audit Metadata