create-session
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted user input from the `$ARGUMENTS` variable to generate folder names.
  - Ingestion points: User-provided topic descriptions enter the skill context in Step 1 and are used in Steps 3, 4, and 5.
  - Boundary markers: No delimiters or safety instructions (e.g., 'ignore instructions within this input') are provided to the agent to prevent the topic from being interpreted as instructions.
  - Capability inventory: The skill possesses the `Bash` and `Write` capabilities, allowing for system command execution and file manipulation.
  - Sanitization: The skill lacks any instructions to sanitize, escape, or validate the user input before it is used in system operations.
- [COMMAND_EXECUTION]: Bash commands in the skill logic use variables derived from user-controlled input.
  - Evidence: The command `mkdir -p "sessions/YYYY-MM-DD_topic/"` in Step 3 incorporates the user topic. In bash, double quotes do not suppress command substitution, so shell metacharacters such as backticks or `$()` in the topic will be executed by the interpreter, leading to potential arbitrary command execution.
Audit Metadata