bash-linux
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (LOW): The skill configuration enables the 'Bash' tool, allowing the agent to execute arbitrary shell commands on the host system.
- DATA_EXFILTRATION (LOW): The reference material provides patterns for using 'curl' to interact with external domains (e.g., example.com) which are not on the trusted whitelist.
- CREDENTIALS_UNSAFE (LOW): The documentation explicitly lists 'env' and 'printenv' as methods for viewing environment variables, which can lead to the exposure of sensitive credentials or API keys.
- EXTERNAL_DOWNLOADS (LOW): The skill includes patterns for downloading files from external URLs using 'curl'.
- PROMPT_INJECTION (LOW): The skill presents an Indirect Prompt Injection surface (Category 8). Evidence: 1. Ingestion points: The skill uses 'Read' and 'cat' to process file contents. 2. Boundary markers: No delimiters or sanitization instructions are provided for handling untrusted data. 3. Capability inventory: The agent has access to 'Bash', 'Write', 'Edit', and 'curl'. 4. Sanitization: There is no logic provided to escape or validate data processed by text-processing tools like 'sed' or 'awk'.
Audit Metadata