Skills
skills/giantcroissant-lunar/lunar-snake-hub/nuke-build/Gen Agent Trust Hub

nuke-build

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGHCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • COMMAND_EXECUTION (HIGH): The skill triggers the execution of local shell and PowerShell scripts with inputs provided via the 'target' and 'parameters' fields. Evidence: The 'Common Patterns' section in SKILL.md shows direct interpolation of targets and flags. Risk: Without explicit sanitization, these inputs could be used to execute arbitrary commands on the host system.
  • EXTERNAL_DOWNLOADS (LOW): The documentation notes that build scripts will attempt to download the .NET SDK if missing. Evidence: Troubleshooting section in SKILL.md: 'Build scripts will attempt to download if missing.'
  • PROMPT_INJECTION (HIGH): Vulnerability surface for indirect prompt injection (Category 8). Ingestion points: 'target' and 'parameters' inputs in the YAML frontmatter of SKILL.md. Boundary markers: Absent. Capability inventory: Subprocess execution of shell and PowerShell scripts. Sanitization: Absent.
  • PRIVILEGE_ESCALATION (MEDIUM): The skill suggests increasing permissions on local scripts. Evidence: Troubleshooting section 'chmod +x build.sh'.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 10:56 AM