tool-design
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The file 'references/architectural_reduction.md' details the implementation of an 'execute_command' tool that runs arbitrary bash commands via 'sandbox.exec(command)'. This grants the agent broad access to the shell, which is a significant security risk.
- [REMOTE_CODE_EXECUTION] (HIGH): By allowing the agent to execute any bash command it generates, the skill enables potential remote code execution within the agent's environment. This is especially dangerous if the agent is influenced by untrusted external data.
- [PROMPT_INJECTION] (HIGH): The proposed architecture lacks boundary markers or sanitization for inputs processed by the command execution tool. Using standard Unix tools like 'grep' and 'cat' to navigate documentation files creates a significant surface for indirect prompt injection if those files are attacker-controlled.
Recommendations
- AI detected serious security threats
Audit Metadata