workflow-lite-execute

Fail

Audited by Gen Agent Trust Hub on Mar 8, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill is vulnerable to shell injection. In the executeBatch function, it constructs a command for the ccw CLI by interpolating the result of buildExecutionPrompt(batch) directly into a Bash tool call. That prompt contains unsanitized user input and file content, so anyone who controls either can cause arbitrary system commands to run by including shell metacharacters such as backticks or subshell markers.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface. It ingests untrusted data from user-specified files and structured task definitions and passes it to sub-agents and external tools without sanitization. Ingestion points: Read(filePath), .task/*.json, and executionContext. Boundary markers: Markdown headers. Capability inventory: Bash, Agent, Read, Write, Edit, Glob, Grep. Sanitization: None.
  • [DATA_EXFILTRATION]: The skill allows arbitrary file reading based on user-provided paths. Combined with the command execution capabilities and the network-enabled ccw tool, this poses a risk of sensitive data exposure and exfiltration.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Mar 8, 2026, 04:09 PM