autonew
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a terminal command
autonew $PROVIDERwhere the$PROVIDERvariable is supplied as input. Direct interpolation of variables into shell commands without explicit sanitization or escaping presents a potential command injection surface. - [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection by accepting an untrusted variable (
$PROVIDER) used in an execution context. Ingestion points: The$PROVIDERvariable defined in the Execution section ofSKILL.md. Boundary markers: None present; input is used directly in the shell string. Capability inventory: The skill uses theautonewcommand-line utility to interact with provider sessions. Sanitization: No input validation or sanitization logic is defined within the skill file.
Audit Metadata