command-development
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Tags: PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill demonstrates how to create commands that ingest user-provided arguments ($1, $ARGUMENTS) and file contents (@file) directly into prompts without boundary markers or sanitization. This creates a surface for indirect prompt injection where malicious content in a file or argument could influence the agent's behavior.
  - Ingestion points: $1, $2, $ARGUMENTS, @$1 in examples/simple-commands.md.
  - Boundary markers: Absent in examples.
  - Capability inventory: Bash (git, npm, kubectl, helm), Read, Write.
  - Sanitization: Absent.
- Command Execution (SAFE): The skill documents the use of bash execution via backticks (`!...`). While powerful, the documentation explicitly recommends using restrictive 'allowed-tools' configurations (e.g., Bash(git:*)) to mitigate risk.