skills/iyangl/memory-hub/catalog-read/Gen Agent Trust Hub

catalog-read

Warn

Audited by Gen Agent Trust Hub on Feb 26, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to run the command memory-hub catalog-read [topics|<module>]. Since the module name is directly interpolated into the shell command string, an attacker could provide input containing shell metacharacters (e.g., ;, &&, |) to execute unauthorized system commands.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting and returning the content of external catalog files.
      • Ingestion points: Data enters the context through files like topics.md or module detailed indexes.
      • Boundary markers: There are no delimiters or explicit instructions for the agent to ignore embedded commands within the read data.
      • Capability inventory: The skill possesses the Bash tool capability, which could be leveraged if instructions are found in the ingested data.
      • Sanitization: No validation or sanitization of the file content is performed before it is provided to the agent.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 26, 2026, 03:59 AM