build-skill-zips
Warn
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the
Bashtool to execute a local script located atscripts/build-skill-zips.sh. - [PROMPT_INJECTION]: The skill interpolates user-supplied data (
$ARGUMENTS) directly into a shell command line (bash scripts/build-skill-zips.sh $ARGUMENTS). This surface is vulnerable to indirect prompt injection and command injection. - Ingestion points: User input is ingested via the
$ARGUMENTSvariable inSKILL.md. - Boundary markers: No delimiters or instructions to ignore embedded commands are present around the interpolated arguments.
- Capability inventory: The skill has access to the
Bashtool, allowing for arbitrary command execution on the host system. - Sanitization: There are no instructions provided to the agent to sanitize, validate, or escape the content of
$ARGUMENTSbefore shell execution. - [REMOTE_CODE_EXECUTION]: The skill relies on an external script file (
scripts/build-skill-zips.sh) that is not included in the provided context, making its behavior and safety unverifiable during this audit.
Audit Metadata