flags
Warn
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- Command Execution (MEDIUM): The skill executes `yarn flags $ARGUMENTS`. Direct interpolation of user-provided strings into a shell command is dangerous. If the agent's execution environment does not perform strict shell-escaping, an attacker could provide shell metacharacters (e.g., `;`, `|`, `&`) to execute arbitrary code.
- Indirect Prompt Injection (MEDIUM): The skill ingests and explains output from an external feature flag system.
  - Ingestion points: Command output from `yarn flags` (SKILL.md, Instruction 1 and 2).
  - Boundary markers: Absent; there are no delimiters or instructions to the agent to ignore instructions embedded in the flag data.
  - Capability inventory: The skill can execute local subprocesses via `yarn`.
  - Sanitization: None; the agent is instructed to 'Explain the output to the user' directly. A malicious feature flag name or value could contain instructions to redirect the agent's behavior.
Audit Metadata