tool-advisor
Warn
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: MEDIUM
Categories: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes an extensive multi-stage Bash script to enumerate the system environment, installed tools, MCP servers, and agent configurations using terminal commands.
- [DATA_EXFILTRATION]: The discovery process accesses sensitive local paths including .env (reporting its line count) and various configuration files (e.g., ~/.claude/settings.json, .mcp.json) to extract server names and plugin lists, exposing environmental metadata to the agent context.
- [PROMPT_INJECTION]: The skill creates an indirect prompt injection surface by reading and displaying the 'description' field from other local skills' SKILL.md files. Evidence: Ingestion points include $ARGUMENTS and metadata from local skills; Boundary markers are absent; Capability includes shell execution tools; Sanitization is absent.
- [PROMPT_INJECTION]: The skill processes untrusted user input from the $ARGUMENTS parameter and suggests executable commands without sanitization or explicit safety boundaries.