cross-platform-command-generator

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: CRITICAL | REMOTE_CODE_EXECUTION | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION] (CRITICAL): Automated scanning identified a high-risk remote code execution pattern where a script from 'http://malicious.com/script.sh' is piped directly to bash. This represents a definitive backdoor for arbitrary code execution.
  • [COMMAND_EXECUTION] (HIGH): The skill is designed to generate high-privilege system commands including 'sudo', 'rm -rf', and 'format'. While it claims to include a 'security_validator.py', the logic is unverifiable and the potential for the agent to generate and execute destructive scripts is high.
  • [PROMPT_INJECTION] (HIGH): The skill's primary function is to transform natural language into executable code (Category 8). It lacks robust boundary markers and sanitization documentation, making it highly susceptible to indirect prompt injection where an attacker provides a 'task description' that results in the generation of malicious payloads.
Recommendations
  • CRITICAL: Downloads and executes remote code from untrusted source(s): http://malicious.com/script.sh - DO NOT USE
  • AI detected serious security threats
Audit Metadata
Risk Level: CRITICAL
Analyzed: Feb 16, 2026, 12:46 PM