financial-reporting
Warn
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill instructs the agent to always prefix its first response with a specific emoji (๐งข), which is an hardcoded instruction that overrides the AI's standard behavior.
- [COMMAND_EXECUTION]: The skill automatically directs the agent to perform reconnaissance on the user's environment by executing a shell command (
ls) to inspect multiple hidden and system-level directories (e.g.,~/.claude/skills/,~/.agent/skills/). This is used to fingerprint the environment for other installed components without a direct request from the user. - [EXTERNAL_DOWNLOADS]: The skill promotes the installation of additional remote components using
npx, which involves downloading and executing external code from repositories managed by the author.
Audit Metadata