perl-validate
Warn
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill uses 'perl -c' and 'perl -wc' for syntax checking. These commands compile the script, and compilation executes any code within BEGIN, UNITCHECK, and CHECK blocks. If the script being validated is malicious, this can lead to arbitrary code execution on the agent's host system.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through the Perl scripts it processes. Malicious instructions could be embedded in the code (e.g., in comments or string literals) to influence the agent's behavior.
  - Ingestion points: The skill reads files using Read, Grep, and Glob tools.
  - Boundary markers: There are no explicit delimiters or instructions to ignore embedded commands in the processed data.
  - Capability inventory: The skill can execute shell commands via Bash (perl, perlcritic, podchecker).
  - Sanitization: No sanitization or validation of the input script's content is performed before processing.