openspec-finishing-branch
Fail
Audited by Gen Agent Trust Hub on Feb 14, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- Indirect Prompt Injection (HIGH): The skill possesses a high-severity attack surface as it ingests untrusted data and uses it in shell commands with side effects. Evidence: (1) Ingestion points: Variables such as , , and are directly interpolated from the git environment or user input in SKILL.md. (2) Boundary markers: None present; the instructions do not define delimiters or warnings to ignore embedded instructions. (3) Capability inventory: The skill executes 'git', 'gh' (GitHub CLI), 'openspec', and 'rm -rf' via subprocess calls. (4) Sanitization: No sanitization or escaping mechanisms are described before variable interpolation.
- Dynamic Execution (HIGH): The skill constructs and executes shell commands at runtime using string interpolation of untrusted data. An attacker could manipulate these values using shell metacharacters (e.g., semicolons or backticks) to perform unauthorized actions, such as deleting files via the 'rm -rf openspec/changes/' call or exfiltrating sensitive project data.
Recommendations
- AI detected serious security threats
Audit Metadata