skillpack-check

Warn

Audited by Gen Agent Trust Hub on Apr 22, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION

Full Analysis
  • [COMMAND_EXECUTION]: The skill documentation includes a bash script template for the agent that extracts strings from a JSON 'actions' array and executes them directly using 'eval', bypassing standard safety validation.
  • [REMOTE_CODE_EXECUTION]: By instructing the agent to blindly execute sequences provided by the 'gbrain' tool, the skill creates an arbitrary code execution vector if the tool's output is manipulated via environment or input data.
  • [PROMPT_INJECTION]: The skill is marked as 'mutating: false' in the metadata despite instructions to perform system-altering actions. Furthermore, it presents an indirect prompt injection surface: untrusted data enters the agent context via 'gbrain' output (ingestion point), lacks boundary markers or sanitization, and is directly used with the shell capability (eval loop).
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Apr 22, 2026, 11:16 AM