plugin-slash-command

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH | DATA_EXFILTRATION | PROMPT_INJECTION
Full Analysis
  • [Data Exposure] (HIGH): Path Traversal in functions/command_validator.py. The validate_command_file function reads file contents from a user-provided path using Path(file_path).read_text() without validation or directory restriction, enabling access to arbitrary system files (e.g., ~/.ssh/id_rsa).
  • [Indirect Prompt Injection] (LOW): Surface for indirect prompt injection in functions/command_generator.py.
      • Ingestion points: Untrusted strings in the description and sections arguments of generate_command in functions/command_generator.py.
      • Boundary markers: Absent. No delimiters are used to isolate user-provided content from the markdown instruction templates.
      • Capability inventory: The generated markdown files serve as the primary instruction set for the Navigator agent.
      • Sanitization: None; the script interpolates raw input directly into f-strings, allowing malicious instructions to be embedded in generated documentation.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 17, 2026, 06:37 PM