pend
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local system command named 'pend' in both Bash and PowerShell environments, passing arguments directly from the user context to the shell.
- [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection (Category 8) due to how it processes data from external AI providers.
  - Ingestion points: Data enters the agent's context through the output of the 'pend' command, which fetches replies from external providers like Gemini, Claude, and Codex (File: SKILL.md, SKILL.md.powershell).
  - Boundary markers: There are no explicit delimiters or protective instructions (e.g., 'ignore embedded instructions') used to wrap the retrieved provider content.
  - Capability inventory: The skill's primary capability is the execution of a subprocess command ('pend').
  - Sanitization: The skill definition does not include any logic to sanitize, filter, or escape the content returned by the AI providers before it is presented to the agent.