parsearger-core
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (MEDIUM): The skill instructs the agent to execute a non-standard binary 'parseArger' or './parseArger'. The safety and integrity of this binary are not verifiable within the skill content.
- REMOTE_CODE_EXECUTION (MEDIUM): The '--complete-custom "CMD"' parameter allows the generation of Bash scripts containing arbitrary shell commands. This creates a risk of code execution when the generated script is used or sourced if the command string is maliciously crafted.
- PROMPT_INJECTION (LOW): The skill is susceptible to indirect prompt injection (Category 8) when modifying existing files. 1. Ingestion points: 'parseArger parse FILE' reads content from existing files. 2. Boundary markers: The skill identifies generated code using '# @parseArger-parsing' and '# @parseArger-parsing-end' comments. 3. Capability inventory: The skill can execute subprocesses (parseArger), write new files (--output), and modify existing files (--inplace). 4. Sanitization: There is no evidence of input validation or sanitization for strings passed to shell parameters.
Audit Metadata