command-creator
Warn
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The documentation explicitly describes and encourages the use of the `!` syntax to execute arbitrary bash commands and inject their output into the agent's prompt (e.g., `!npm test`). This facilitates a powerful execution environment with access to the host shell.
- [PROMPT_INJECTION]: The skill highlights that custom commands can override standard built-in functions like `/help` and `/init`. This provides a mechanism for hijacking the agent's expected behavior and replacing it with custom instructions.
- [DATA_EXFILTRATION]: The instructions describe the `@` syntax for including the contents of local files in the agent's prompt context, creating a potential vector for reading and exposing sensitive data to the model or third parties.
- [PROMPT_INJECTION]: The skill identifies an indirect prompt injection surface where untrusted data from command arguments (`$ARGUMENTS`) or external files (`@path`) can be interpolated into prompts and processed by the model along with powerful capabilities like shell execution.
Audit Metadata