switch-brand
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions direct the agent to execute a shell command that incorporates user-controlled input.
- Evidence: The command `python "scripts/setup.py" --switch-brand BRAND_SLUG` in `SKILL.md` uses `BRAND_SLUG` as a placeholder for user-provided data.
- Risk: This pattern creates a command injection surface where an adversary could attempt to include shell metacharacters (e.g., `;`, `&`, `|`) or path traversal sequences in the brand name to execute unauthorized commands or access sensitive files.
Audit Metadata