Skills
skills/cklxx/elephant.ai/self-test/Gen Agent Trust Hub

self-test

Fail

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: HIGHCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The execute function in run.py is vulnerable to command injection. It constructs a shell command string by interpolating the package and timeout variables directly from the input args dictionary without validation. This command is then executed via subprocess.run(cmd, shell=True). An attacker could inject arbitrary shell commands by providing malicious values for these parameters.
  • Evidence: cmd = f"CGO_ENABLED=0 go test {package} -v -json -timeout {timeout}" and subprocess.run(cmd, shell=True, ...) in run.py.
  • [REMOTE_CODE_EXECUTION]: The lack of input sanitization in the command execution logic allows for arbitrary code execution on the host system if the agent is manipulated into passing malicious arguments.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by ingesting output from an external tool (go test) and using it to generate an analysis_prompt for the agent's next steps.
  • Ingestion points: The skill parses stdout from the go test command in run.py.
  • Boundary markers: No boundary markers or instructions to ignore embedded commands are present in the result processing.
  • Capability inventory: The skill can execute shell commands via subprocess.run in run.py.
  • Sanitization: No sanitization or escaping is performed on the test output before it is incorporated into the skill's response.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 13, 2026, 12:03 PM