
implementation

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
Threat categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • COMMAND_EXECUTION (HIGH): The script scripts/health-check.sh uses eval to run commands fetched directly from the health_check key in .claude/config/project.json. This allows for arbitrary command execution if the configuration file is controlled by an untrusted source.
  • PROMPT_INJECTION (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8). Ingestion points: Reads data from .claude/config/project.json and .claude/progress/feature-list.json. Boundary markers: None present; the skill trusts the content of these files. Capability inventory: Can execute shell commands via eval, perform git commits, and modify local JSON files. Sanitization: None; variables are interpolated directly into shell and jq command strings.
  • DATA_EXFILTRATION (LOW): Several scripts, including scripts/get-current-feature.sh and scripts/mark-feature-complete.sh, use shell variable interpolation inside jq filters (e.g., select(.id == "'$FEATURE_ID'")) instead of the safer --arg flag. This could allow for data manipulation or unintended data extraction if the variable content is manipulated.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 17, 2026, 06:41 PM