Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
Categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill instructions (Step 2) provide a shell command template that interpolates user-provided input (task_description) directly into a python execution string: python scripts/estimate_task.py --task "<task_description>". This creates a high risk of command injection, where a malicious user could provide a task description containing shell metacharacters (e.g., ";", "&&", or backticks) to execute unauthorized commands.
- [REMOTE_CODE_EXECUTION] (MEDIUM): The skill depends on a local script, scripts/estimate_task.py, which is not provided within the analyzed files. This is an unverifiable dependency that performs codebase analysis. Without the script source, it is impossible to verify whether the script performs safe operations or contains malicious logic such as data exfiltration.
- [PROMPT_INJECTION] (LOW): This skill exhibits an indirect prompt injection surface (Category 8).
  - Ingestion points: User-provided task descriptions are captured and processed.
  - Boundary markers: The instructions use double quotes as delimiters, but do not provide logic for escaping or sanitizing internal quotes or shell metacharacters.
  - Capability inventory: The skill uses the bash tool with python, ls, find, and wc permissions.
  - Sanitization: There is no instruction to sanitize or validate the task_description before it is passed to the shell.
Recommendations
- AI detected serious security threats
Audit Metadata