idea-incubator
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill performs arbitrary command execution by invoking a Python script via the 'uv' package manager.
  - Evidence: The 'Archive Mode' section in `SKILL.md` specifies the execution of `uv run .agent/skills/idea-incubator/scripts/sync_to_pg.py <file_path>`.
  - Risk: The `<file_path>` parameter is directly provided by the user. If the underlying script does not implement strict path validation (e.g., checking for directory traversal like '../../'), an attacker could force the agent to read sensitive files such as `~/.ssh/id_rsa` or `.env` and sync them to the database.
- [INDIRECT_PROMPT_INJECTION] (HIGH): The skill is designed to ingest and parse external content from user-specified local files.
  - Ingestion Points: User-provided file paths in `Archive Mode` and shared ideas in `Mirror Mode`.
  - Boundary Markers: Absent. There are no instructions to the agent to ignore embedded instructions within the markdown files being parsed.
  - Capability Inventory: Subprocess execution (`uv run`), file system access, and local database write operations.
  - Sanitization: Absent. The skill instructions do not mention validating or escaping the content of the markdown files before processing or database insertion.
Recommendations
- AI detected serious security threats
Audit Metadata