update-spatie-docs

Fail

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The bash script in SKILL.md interpolates the user-provided {repo_name} value directly into a shell command line: php artisan docs:import --repo=spatie/{repo_name}. The value is neither validated nor quoted, so shell metacharacters (e.g. ;, &, |) in the argument could cause arbitrary commands to be executed.
  • [PROMPT_INJECTION]: The skill accepts unvalidated arguments from the user to construct system commands, creating a vulnerability surface for indirect prompt injection. Ingestion point: {repo_name} argument in SKILL.md. Boundary markers: Absent. Capability inventory: Bash subprocess execution via php artisan. Sanitization: Absent.
  • [DATA_EXPOSURE]: The skill discloses the specific local directory path /Users/freek/dev/code/spatie.be, which reveals system-level information about the user's directory structure and username.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 27, 2026, 05:11 PM