RedTeam
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [Command Execution] (HIGH): The skill mandates the execution of a
curlshell command to a local listener (http://localhost:8888/notify) for workflow notifications. Shell command execution is inherently risky and can lead to arbitrary code execution if inputs (like workflow names) are not strictly validated. - [Indirect Prompt Injection] (HIGH): The skill exhibits a significant attack surface in
Workflows/AdversarialValidation.md. Ingestion points: Untrusted user input for the 'Problem/Task description'. Boundary markers: None; uses instruction tags but fails to delimit external data. Capability inventory: Shell execution (curl) and sensitive file access (~/.claude/). Sanitization: None. - [Dynamic Execution] (MEDIUM): The 'Customization' logic in
SKILL.mddirects the agent to read and apply unvalidated 'PREFERENCES.md' or 'resources' from~/.claude/skills/CORE/USER/SKILLCUSTOMIZATIONS/RedTeam/. Loading configuration from sensitive filesystem paths allows for unauthorized behavior modification and persistence.
Recommendations
- AI detected serious security threats
Audit Metadata