csv-wave-pipeline

Fail

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill dynamically constructs a shell command to invoke the ccw cli tool in Phase 1. The user-provided requirement string is interpolated into a Bash call without adequate sanitization of shell-sensitive characters like double quotes or backticks. This allows an attacker to break out of the intended command and execute arbitrary shell instructions on the host system.
  • [PROMPT_INJECTION]: The skill's 'Wave Execution Engine' creates a significant surface for indirect prompt injection by propagating findings between agents.
    ◦ Ingestion points: Agents ingest data from discoveries.ndjson (a shared exploration board) and prev_context (which pulls from the findings column of tasks.csv populated by previous agents).
    ◦ Boundary markers: The instruction template for spawned agents uses standard markdown headers but lacks robust delimiters or 'ignore' instructions to prevent the agent from obeying commands embedded in the task findings or discoveries.
    ◦ Capability inventory: Spawner and sub-agents have access to powerful tools including Bash, Write, and Edit within their defined scope.
    ◦ Sanitization: There is no sanitization or filtering of agent-generated findings or discoveries before they are used as context for the next wave of execution.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 6, 2026, 11:50 AM