accelint-prompt-manager

Warn

Audited by Gen Agent Trust Hub on Mar 20, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to implement a 'copy to clipboard' feature. It constructs shell commands by interpolating the optimized prompt text directly into a command string (e.g., echo "prompt text" | pbcopy). Since the prompt text is derived from untrusted user input, this pattern is vulnerable to command injection if the text contains shell metacharacters like backticks, semicolons, or command substitutions.
  • Evidence: File SKILL.md (Phase 4, Step 5) provides specific instructions to use the Bash tool with OS-appropriate commands like echo "prompt text" | pbcopy or echo "prompt text" | xclip.
  • [DATA_EXFILTRATION]: While not explicitly malicious, the combination of the Bash and Write tools with the ability to process user-supplied prompts creates a surface where data could be moved to local files or external systems. The skill relies on the agent's adherence to instructions to prevent misuse of these capabilities.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 20, 2026, 04:59 PM