code-change-verification

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION] (HIGH): The scripts run.sh and run.ps1 execute make commands. Because the make targets are defined in the repository's local Makefile, an attacker-controlled repository can cause arbitrary shell commands to be executed whenever this skill is invoked.
  • [PROMPT_INJECTION] (HIGH): Categorized as Indirect Prompt Injection (Category 8). The skill treats the repository environment as input and possesses high-privilege execution capabilities.
    1. Ingestion point: The repository's Makefile and build configuration.
    2. Boundary markers: None present.
    3. Capability inventory: Arbitrary subprocess execution via make in run.sh and run.ps1.
    4. Sanitization: No validation of Makefile content or make targets.
  • [PRIVILEGE_ESCALATION] (HIGH): The SKILL.md instructions explicitly direct the agent to use powershell -ExecutionPolicy Bypass. This is a known technique to circumvent system security restrictions on script execution.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 01:07 PM