writing-tools
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill explicitly teaches the agent how to execute shell commands via the Bun.$ shell. This pattern is highly risky in AI-generated code, as it can lead to arbitrary command execution if the agent fails to properly sanitize or delimit arguments derived from untrusted user input.
- [REMOTE_CODE_EXECUTION] (HIGH): The documentation provides a template for 'Invoking Other Languages' which allows the agent to execute external scripts (e.g., python3 .opencode/tool/script.py). This bypasses the primary execution environment and allows for arbitrary code execution on the host system.
- [DYNAMIC_EXECUTION] (MEDIUM): The skill promotes a workflow where executable logic is defined and executed at runtime. This can be exploited to create persistence or perform unauthorized system modifications if an attacker can influence the tool creation process via indirect prompt injection.
Recommendations
- AI detected serious security threats
Audit Metadata