skills/cristoslc/swain/swain-status/Gen Agent Trust Hub

swain-status

Warn

Audited by Gen Agent Trust Hub on Mar 22, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to dynamically locate shell scripts using find and execute them via bash. This pattern of dynamic path computation (e.g., searching for swain-status.sh or chart.sh) can lead to unintended code execution if a malicious file with a matching name is placed within the search paths.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it ingests untrusted data from GitHub issues and local project artifacts.
    1. Ingestion points: GitHub issue titles and markdown descriptions in project artifacts.
    2. Boundary markers: No explicit delimiters or instructions to ignore embedded commands are used in the agent summary template.
    3. Capability inventory: The agent has access to the Bash tool for command execution and file reading.
    4. Sanitization: Although scripts use jq for internal data handling, the final summary presented to the user lacks sanitization or clear separation of external content.
  • [EXTERNAL_DOWNLOADS]: The skill uses the official gh CLI to fetch issue and user data from GitHub. While this uses a well-known and trusted service, the data returned is processed by the agent, contributing to the indirect injection surface.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 22, 2026, 05:16 AM