article-agent-context-research

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (HIGH): The workflow in SKILL.md explicitly calls for executing npm run grok:context -- --topic "...". The topic parameter is interpolated directly from user input or content found in data/idea-creation/*.md, which can be manipulated to execute arbitrary commands.
  • [REMOTE_CODE_EXECUTION] (HIGH): The reliance on shell-based execution with untrusted data allows for command injection (e.g., using ;, |, or backticks) which could lead to full system compromise.
  • [PROMPT_INJECTION] (HIGH): Category 8 finding: The skill ingests untrusted data from local files (data/idea-creation/) and user queries to drive high-privilege operations (shell execution). Evidence:
      1. Ingestion point: data/idea-creation/*.md and user 'Intake'.
      2. Boundary markers: Absent.
      3. Capability inventory: npm run subprocess execution.
      4. Sanitization: None detected.
    A malicious idea report could inject shell commands into the topic variable.
  • [DATA_EXFILTRATION] (MEDIUM): The skill is designed to read potentially sensitive research data from data/article-research/* and send it to an external process (grok:context), which may leak internal information to third-party services.
Recommendations
  • AI detected serious security threats
Audit Metadata
  Risk Level: HIGH
  Analyzed: Feb 16, 2026, 06:21 AM