skill-status-sync

Warn

Audited by Gen Agent Trust Hub on Feb 25, 2026

Risk Level: MEDIUM | COMMAND_EXECUTION | REMOTE_CODE_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute system commands including jq, grep, date, and mv. These commands are used to manipulate local project files (state.json and TODO.md) and manage task states.
  • [REMOTE_CODE_EXECUTION]: The skill dynamically assembles shell commands and jq filter strings by interpolating template variables like {task_number}, {target_status}, and {artifact_path} directly into the script body. While some sections use the safer jq --arg flag, others (specifically in the postflight_update and artifact_link operations) place these variables directly within single-quoted filter strings. This creates a risk of command injection if the input variables contain single quotes or other shell metacharacters.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) due to its data processing flow:
      • Ingestion points: Reads content from specs/state.json and specs/TODO.md using jq and grep.
      • Boundary markers: No delimiters or 'ignore embedded instructions' warnings are present to isolate the task data from the agent's logic.
      • Capability inventory: Uses Bash, Edit, and Read tools to modify files and execute logic based on the ingested content.
      • Sanitization: There is no explicit sanitization or validation of the data read from the task files before it is used to influence further operations.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 25, 2026, 03:54 AM