linux-bash-scripting
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill serves as an educational resource for defensive shell scripting, promoting secure coding practices and system administration patterns.
- [COMMAND_EXECUTION]: The skill provides examples of system command execution, including wrappers for retries and dry runs. It explicitly advises against using
evalon user input and demonstrates how to build commands safely using arrays to prevent command injection. - [DATA_EXPOSURE_AND_EXFILTRATION]: Includes a template for using
curlto fetch remote resources, but does not include any hardcoded URLs, credentials, or malicious exfiltration logic. - [INDIRECT_PROMPT_INJECTION]: The skill defines patterns for processing external inputs such as script arguments and file contents, creating a vulnerability surface. However, it provides robust remediation guidance.
- Ingestion points: Script arguments ($1, $@) and file content reading (SKILL.md).
- Boundary markers: Explicitly recommends using '--' to terminate options and regex-based validation for script inputs.
- Capability inventory: Includes file system manipulation (mv, rm, mkdir, ln), network operations (curl), and process locking (flock) across the provided templates (SKILL.md).
- Sanitization: Recommends mandatory variable quoting, using printf over echo, and avoiding eval for untrusted data.
Audit Metadata