yy-run-skills

Warn

Audited by Gen Agent Trust Hub on Mar 25, 2026

Risk Level: MEDIUM
Categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill functions as a dispatcher that takes user-provided strings and executes them as commands via the 'Skill tool'. It explicitly omits validation of whether the skill exists in an authorized directory, instead attempting to execute any provided name directly. This lack of validation facilitates the execution of arbitrary skills present in the environment.
  • [PROMPT_INJECTION]: The design is susceptible to indirect prompt injection. Since the skill acts on a list of tokens, an attacker could inject malicious skill names into data sources the agent reads, which are then passed to this skill for execution. The instructions do not define security boundaries or an allowlist to mitigate this risk.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 25, 2026, 06:26 AM