quad-fact-check
Fail
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: HIGH
Flags: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (HIGH): The skill instructs the agent to execute shell commands using command substitution `$(cat <file>)` inside double-quoted strings. This is a critical vulnerability that allows the content of the file being processed to execute arbitrary commands on the host system.
- REMOTE_CODE_EXECUTION (HIGH): The use of `codex exec` combined with the injection of untrusted file content provides a direct path for executing arbitrary code.
- EXTERNAL_DOWNLOADS (MEDIUM): The skill requires unverified CLI tools (`gemini`, `codex`) and references a fictitious model (gpt-5.3-codex), posing a high risk of tool-based attacks or deception.
- PROMPT_INJECTION (LOW): (Category 8) The skill ingests external documents and passes them to other models without sanitization or boundary markers. Ingestion points: documents identified in context (Step 1). Boundary markers: absent; content is interpolated directly. Capability inventory: shell execution (`bash`), CLI tool execution (`gemini`, `codex`). Sanitization: none.
Recommendations
- AI detected serious security threats
Audit Metadata