wsl-embedded-debugging
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Tags: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- Category 5: Privilege Escalation (HIGH): The skill documentation (SKILL.md and the troubleshooting guide) explicitly directs users to bypass sandbox security controls. It recommends using 'full-access sandboxing' (e.g., 'danger-full-access') and instructs users to switch to 'less restricted' modes if security policies block host binary execution. This guidance encourages dismantling the security boundaries designed to isolate the agent from the host system.
- Category 8: Indirect Prompt Injection (HIGH): The skill provides a high-privilege execution surface that is vulnerable to exploitation if the agent processes untrusted project data.
  - Ingestion points: Command arguments passed to 'scripts/run_windows_embedded.sh'.
  - Boundary markers: Absent. There are no delimiters or instructions to treat command components as untrusted data.
  - Capability inventory: Full execution of host-side Windows binaries through the WSL interop layer, allowing file modification, host binary execution, and network access.
  - Sanitization: Absent. Arguments are passed directly to the 'timeout' utility without validation or filtering.
Recommendations
- AI detected serious security threats
Audit Metadata