ask
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local binary named 'ask' using either Bash or PowerShell. In
SKILL.md, it usesBash(CCB_CALLER=claude ask $PROVIDER "$MESSAGE"). InSKILL.md.powershell, it usesStart-Processto run the same binary, passing user-provided message content via standard input redirection from a temporary file. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8).
- Ingestion points: The
$MESSAGEvariable in bothSKILL.mdandSKILL.md.powershellacts as a conduit for untrusted user-provided data. - Boundary markers: There are no boundary markers or 'ignore' instructions wrapping the
$MESSAGEvariable to prevent the AI provider from interpreting embedded instructions. - Capability inventory: The skill has the capability to execute subprocesses (
askbinary) and write to the file system (viaNew-TemporaryFilein PowerShell). - Sanitization: No sanitization or validation is performed on the
$MESSAGEcontent before it is passed to the subprocess or written to disk.
Audit Metadata