nav-features
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The skill executes shell commands by interpolating user-provided feature names into bash strings. This presents a command injection risk if the feature name is not strictly validated.
- [REMOTE_CODE_EXECUTION] (MEDIUM): The 'auto_update' feature is designed to 'update silently', which indicates a pattern of downloading and executing remote code at runtime without user intervention.
- [EXTERNAL_DOWNLOADS] (MEDIUM): The 'auto_update' mechanism implies fetching content from external sources. Without explicit source verification or integrity checks in the documentation, this is a risk.
- [PROMPT_INJECTION] (LOW): Mandatory Evidence Chain for Indirect Prompt Injection: 1. Ingestion points: User-provided feature names in toggle requests via terminal interpolation. 2. Boundary markers: None. 3. Capability inventory: Bash execution of local Python script. 4. Sanitization: Documentation lists supported features and error handling, but lacks explicit sanitization of the interpolation boundary.
Audit Metadata