flow
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGH (COMMAND_EXECUTION)
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The instruction `yarn flow $ARGUMENTS` directly interpolates a user-controlled variable into a shell command. An attacker could inject command separators (e.g., `;`, `&&`, `|`) or shell substitutions to execute unauthorized background processes.
- [Indirect Prompt Injection] (HIGH): Vulnerability detected in the handling of untrusted input.
- Ingestion points: The `$ARGUMENTS` variable defined in `SKILL.md` accepts input from the agent context.
- Boundary markers: Absent. The variable is placed directly in the command string.
- Capability inventory: Execution of subprocesses via `yarn` (file system access and potentially network access depending on scripts).
- Sanitization: Absent. No escaping or validation of the `$ARGUMENTS` string is performed before execution.
Recommendations
- AI detected serious security threats
Audit Metadata