lazy-skill
Fail
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: HIGH DATA_EXFILTRATION PROMPT_INJECTION
Full Analysis
- [Data Exposure & Exfiltration] (HIGH): The skill constructs file paths from user-provided arguments without sanitization. This allows for directory traversal attacks, where an attacker could provide a path like '../../.ssh/id_rsa' to trick the agent into reading sensitive files outside the intended directory.
- [Prompt Injection] (MEDIUM): Raw user input from the $ARGUMENTS variable is passed directly into the agent's instructions, creating a surface for direct prompt injection and behavioral overrides.
- [Indirect Prompt Injection] (LOW): The skill is designed to ingest and follow instructions from external files without using boundary markers or content validation.
  - Ingestion points: local files in ~/.claude/lazy-skills/.
  - Boundary markers: Absent; the agent is explicitly told to follow the loaded instructions.
  - Capability inventory: Agent context expansion and file reading tools.
  - Sanitization: None.
Recommendations
- AI detected serious security threats