memory-jq
Warn
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill workflow involves building and running Bash commands using jq to update JSON files. Constructing these commands directly from user-supplied $ARGUMENTS creates a risk of shell command injection, where an attacker could use characters like semicolons or redirects to execute unintended code.
- [PROMPT_INJECTION]: This skill presents an indirect injection surface by using untrusted data to control file paths and modification logic.
  * Ingestion points: Data enters via the $ARGUMENTS metadata field.
  * Boundary markers: No markers are used to isolate user data from the command template.
  * Capability inventory: The skill utilizes the Bash tool for command execution and Read for file system access.
  * Sanitization: No input validation or escaping is required before the command is executed; the skill only validates the JSON structure after the file has been modified.
Audit Metadata