init-skill

Warn

Audited by Gen Agent Trust Hub on Mar 28, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes a computed script path containing relative traversal (../skill-shaper/scripts/init_skill.py) to execute a script outside the skill's own directory scope. This relies on an assumed directory structure and can be used to execute unintended files if the environment is manipulated.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect injection and shell command injection via the $ARGUMENTS variable.
      • Ingestion points: Untrusted user input enters the agent context through the $ARGUMENTS placeholder in SKILL.md.
      • Boundary markers: None; the variable is interpolated directly into the bash shell command without quotes or delimiters.
      • Capability inventory: The skill uses the Bash tool to execute python3 with the provided arguments.
      • Sanitization: No escaping, validation, or filtering is performed on $ARGUMENTS before it is passed to the shell, allowing for the execution of arbitrary commands via characters such as ;, &, or |.
  • [COMMAND_EXECUTION]: The execution of python3 "$SCRIPT" $ARGUMENTS is inherently unsafe as it allows shell metacharacters in $ARGUMENTS to break out of the intended command context.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 28, 2026, 10:15 PM