claudelabs

Fail

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS)
Full Analysis
  • [COMMAND_EXECUTION]: The executeBankrCommand function in index.js uses child_process.execSync to run shell commands. It only escapes double-quote characters in the user-provided prompt, failing to sanitize other shell metacharacters such as backticks (`), dollar signs ($), semicolons (;), and pipes (|). An attacker or malicious input can trigger arbitrary command execution on the host machine.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from the params.data object and passes it to the system shell.
      • Ingestion points: query variable in index.js sourced from data.query or data.prompt.
      • Boundary markers: None present.
      • Capability inventory: execSync call to the bankr CLI tool.
      • Sanitization: Inadequate; only double quotes are escaped, leaving other shell metacharacters active.
  • [EXTERNAL_DOWNLOADS]: The README and SKILL.md files recommend installation via npx skills add anthropics-claude/claudelabs-skill@claudelabs. This targets the author's official repository and is documented as a standard procedure.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 13, 2026, 01:48 PM