service-registry

Warn

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill facilitates the execution of external applications via the Python subprocess module.
  • Evidence: The execute_safely function in modules/execution-patterns.md uses subprocess.run to launch command strings constructed from service configurations.
  • [PROMPT_INJECTION]: The skill's command construction logic is vulnerable to indirect prompt injection by embedding untrusted user data into command templates.
  • Ingestion points: The prompt and files arguments are consumed by the build_command function in modules/execution-patterns.md.
  • Boundary markers: Not utilized; input is directly interpolated into strings such as "{command} -p {prompt}".
  • Capability inventory: High-risk capability identified: arbitrary command execution on the host system.
  • Sanitization: The skill uses shlex.split which mitigates shell-level character escaping issues but does not sanitize the content to prevent it from being interpreted as malicious flags or parameters by the target CLI tools.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 27, 2026, 06:51 PM