maestro-overlay

Pass

Audited by Gen Agent Trust Hub on Apr 17, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill's primary purpose is to modify the system instructions of other commands in .claude/commands/*.md based on natural language intent. This establishes a surface for indirect prompt injection, as malicious input could persistently alter the agent's behavior or safety constraints in subsequent sessions.
      • Ingestion points: User-provided intent in SKILL.md arguments.
      • Boundary markers: Injected blocks use hashed HTML-comment markers.
      • Capability inventory: Bash tool for executing maestro commands; Write tool for creating patch files in ~/.maestro/overlays/.
      • Sanitization: No content validation or escaping is described for the natural language content being injected into system files.
  • [COMMAND_EXECUTION]: The skill executes the maestro CLI tool via functions.exec_command. Parameters such as <name> in the --remove flag are derived directly from user input without explicit sanitization, creating a potential risk for command injection if the user provides shell-sensitive characters.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 17, 2026, 01:12 AM