setup-build-tools
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill instructs the agent to execute a shell script (`install-build-tools.sh`) located in the project's hidden hooks directory to install system packages.
  - Evidence: `bash "$CLAUDE_PROJECT_DIR/.claude/hooks/install-build-tools.sh"` in `SKILL.md`.
  - Risk: Installing system-level tools (`dpkg-dev`, `nodejs`, `imagemagick`) typically requires root/sudo privileges. Executing scripts from the project directory allows arbitrary code execution if the project files are untrusted.
- [PROMPT_INJECTION] (HIGH): The skill incorporates a raw argument placeholder (`$ARGUMENTS`) at the end of the execution block without any sanitization or boundary markers.
  - Ingestion points: `$ARGUMENTS` placeholder in `SKILL.md`.
  - Boundary markers: None; external input is interpolated directly into the instruction context.
  - Capability inventory: Shell command execution (`bash`) and system package management.
  - Sanitization: None provided; the agent is not instructed to validate or escape the contents of `$ARGUMENTS`.
  - Risk: An attacker could provide malicious input via `$ARGUMENTS` to inject additional shell commands (e.g., using `&&` or `||`) or to override the agent's primary mission via indirect prompt injection.
Recommendations
- AI detected serious security threats
Audit Metadata