scout-ext
Warn
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the `Bash` tool to execute external CLI utilities (`gemini` and `opencode`). The command construction pattern interpolates a `[prompt]` variable directly into the shell string (e.g., `gemini -p "[prompt]"`). This is a classic injection vector where shell metacharacters in the prompt could be used to execute unintended commands.
- [EXTERNAL_DOWNLOADS]: The instructions direct the agent to check for the presence of external tools and prompt the user for installation if they are missing. While `gemini` is a well-known service, `opencode` (referenced with the `opencode/grok-code` model) is an unverified dependency that the agent is encouraged to fetch and install.
- [REMOTE_CODE_EXECUTION]: By combining dynamic command construction with shell execution, the skill creates a surface for remote code execution. An attacker could provide a malicious prompt or create a file with a name that, when processed, executes arbitrary code on the host machine.
- [PROMPT_INJECTION]: The skill creates a surface for indirect prompt injection by reading untrusted data from the filesystem during the scouting process.
- Ingestion points: The skill crawls directories and reads file paths to identify relevant files for tasks.
- Boundary markers: Absent; there are no specified delimiters or instructions to ignore malicious content embedded within the files being scouted.
- Capability inventory: The skill leverages the `Bash` tool for command execution and the `Task` tool for sub-agent orchestration.
- Sanitization: Absent; the workflow does not include steps to sanitize or validate the content of the files or directory names before they influence subsequent agent actions.
Audit Metadata