nav-stats
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMCOMMAND_EXECUTION
Full Analysis
- [Command Execution] (MEDIUM): The skill invokes
source <(bash scripts/session-stats.sh)in Step 3. Sourcing the output of a script into the current shell session is a form of dynamic execution. If the external scriptscripts/session-stats.sh(which is not part of the skill) is modified or provides malicious output, it could execute arbitrary commands with the agent's privileges. - [Unverifiable Dependencies] (LOW): The skill relies on
scripts/session-stats.sh, which must pre-exist in the user's environment. This script is described as providing shell-parseable variables, but its actual contents are not verified by the skill analyzer. - [Data Exposure] (SAFE): While the skill reads local files like
.agent/DEVELOPMENT-README.mdand various philosophy documents, these are used for validation and providing recommendations, with no network exfiltration paths observed. - [Prompt Injection] (SAFE): No instructions attempting to override system behavior or bypass safety filters were detected.
Audit Metadata