Skills
skills/florianbruniaux/claude-code-ultimate-guide/talk-stage2-research/Gen Agent Trust Hub

talk-stage2-research

Warn

Audited by Gen Agent Trust Hub on Mar 23, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses Bash to execute git commands and constructs these commands by interpolating variables such as {repo_path} and {slug} into the shell string. If these variables are supplied with malicious shell metacharacters (e.g., semicolons, backticks, or pipes), it could lead to arbitrary command execution on the host machine.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it ingests and processes data from external files that may be under the control of an attacker.
  • Ingestion points: The skill reads input from talks/{YYYY}-{slug}-summary.md and the project's CHANGELOG.md file.
  • Boundary markers: The instructions do not implement any delimiters or "ignore embedded instructions" warnings when processing the contents of these files.
  • Capability inventory: The agent has access to Bash, Read, and Write tools, which could be abused if malicious instructions are successfully injected via the ingested files.
  • Sanitization: There is no mention of sanitization, escaping, or validation of the content read from the summary or changelog files before it is processed by the agent.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 23, 2026, 11:04 PM