gentleman-system

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION] (MEDIUM): The skill defines a comprehensive API for executing shell commands (Run, RunWithLogs, RunBrewWithLogs, RunPkgInstall). Evidence in Pattern 4 shows these functions are intended for direct system interaction.
  • [PRIVILEGE_ESCALATION] (MEDIUM): Explicit support for root-level execution is provided through RunSudo and RunSudoWithLogs. Example 2 shows these being used with package managers (pacman, apt-get), which can be leveraged to install unauthorized software.
  • [INDIRECT_PROMPT_INJECTION] (LOW): A vulnerability surface exists in Example 2 and Example 4 where an agent might interpolate untrusted user requirements into system commands or file paths (e.g., destDir, tool name) without explicit sanitization patterns provided in the instructions.
  • [DATA_EXPOSURE] (LOW): The skill includes patterns for accessing system metadata such as HomeDir, UserShell, and environment variables like TERMUX_VERSION and PREFIX to determine OS state.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 16, 2026, 10:54 AM