clean-code
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION)
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The 'Verification Scripts' section mandates that agents execute Python scripts located in external skill directories (e.g., `python ~/.{TOOL}/skills/vulnerability-scanner/scripts/security_scan.py .`).
  - Evidence: Multiple entries in the 'Agent -> Script Mapping' table use computed paths in the user's home directory.
  - Risk: This pattern promotes the execution of code that is not part of the current skill. If a malicious skill or user places a script at one of these expected paths, the agent will execute it without verification as part of its mandatory workflow.
- [DATA_EXFILTRATION] (LOW): The skill instructs the agent to 'capture ALL output' from validation scripts and 'summarize' it for the user.
  - Evidence: Section 'Script Output Handling (READ → SUMMARIZE → ASK)'.
  - Risk: While intended for debugging, this could inadvertently expose sensitive system data or vulnerability details (from `security_scan.py`) to the LLM's history or external logs.
- [PROMPT_INJECTION] (LOW): The skill uses authoritative language ('CRITICAL', 'MANDATORY', 'VIOLATION') and specific role-based instructions to override default agent behavior regarding how it handles task completion and script execution.
  - Evidence: Headers like '❌ VIOLATION: Running script and ignoring output = FAILED task.'
Audit Metadata