Skills
skills/iamladi/cautious-computing-machine--sdlc-plugin/update-models/Gen Agent Trust Hub

update-models

Warn

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill invokes bun run resolve-models after locating a plugin directory using a glob pattern in ~/.claude/plugins. This allows the agent to execute a local script, which may perform arbitrary actions within the scope of the user's permissions.\n- [DATA_EXFILTRATION]: The skill accesses the file ~/.codex/config.toml to read and verify configuration settings. Reading configuration files in the user's home directory can lead to the exposure of user-specific setup details and preferences.\n- [PROMPT_INJECTION]: The skill processes data from external sources (script output and local config files), which constitutes a vulnerability surface for indirect prompt injection.\n
  • Ingestion points: Standard output from the resolve-models script and the content of ~/.codex/config.toml.\n
  • Boundary markers: Absent. The instructions do not define delimiters or provide specific warnings to the agent to ignore instructions contained within the ingested data.\n
  • Capability inventory: The skill possesses the capability to execute shell commands (bun run) and read local files.\n
  • Sanitization: Absent. There is no evidence of data sanitization or validation before the information is presented to the agent for processing.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 29, 2026, 03:28 AM