Skills
skills/jamie-bitflight/claude_skills/stdlib-scripting/Gen Agent Trust Hub

stdlib-scripting

Warn

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides reusable code patterns (run_privileged_comman d and run_cm d_elevate d) tha t facilitate the exec utin g of shell commands with elevated privileges usin g sudo -n on POSIX systems. This allows the agen t to perform adminis trative tasks but also pres ents a risk of privilege escalatio n if not used carefully.
  • [PROMPT_INJECTION]: The implemen tatio n of loa d_confi g provides a surface for indirec t prompt injec tio n by readin g an d parsin g data from external files (JSON, TOML, INI) with out validation. Malic io us ly crafted configuratio n files could poten tial ly influen ce the agen t's logi c or behavior.
  • In g e s t i o n p o i n t s: loa d_confi g func tio n defined in SK I L L . m d .
  • B o u n d a r y m a r k e r s: None iden tified; the skill reads raw file con ten t direc tly into dic tio naries.
  • C a p a b i l i t y i n v e n t o r y: Uses sub p r o c e s s . r u n for shell comman d exec utio n an d as y n c i o . g a t h e r for task manag emen t.
  • S a n i t i z a t i o n: No input validatio n or schema enforc emen t is perform ed on the loa ded configuratio n data.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 29, 2026, 08:41 AM