Optimize
Warn
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes arbitrary shell commands provided through the "--measure" and "--extract" arguments to generate metrics, allowing for general command execution on the host. It also performs file modifications on paths specified via "--files" and "--target", which can include sensitive directories like "~/.claude/".
- [PROMPT_INJECTION]: The "Eval mode" is susceptible to indirect prompt injection as it ingests and evaluates content from external files. Maliciously crafted content in these targets could influence the agent's evaluation logic.
- Ingestion points: Content is read from files and directories specified by the "--target" and "--files" arguments in SKILL.md.
- Boundary markers: Absent. No delimiters are used to separate target content from instructions.
- Capability inventory: Includes file system write access and arbitrary shell command execution.
- Sanitization: Absent. Target content is processed without validation or sanitization.
Audit Metadata