ops-status
Warn
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: MEDIUMCOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses dynamic context injection (the
!command`` syntax) inSKILL.mdto execute the local script${CLAUDE_PLUGIN_ROOT}/bin/ops-status. - [COMMAND_EXECUTION]: User-provided input via the
$ARGUMENTSvariable is interpolated directly into this shell command. This creates a command injection vulnerability where a user could provide shell metacharacters (such as;,&, or|) to execute unauthorized commands on the host system.
Audit Metadata