Skills
skills/jamie-bitflight/claude_skills/user-docs-to-ai-skill/Gen Agent Trust Hub

user-docs-to-ai-skill

Fail

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes shell commands using variables derived from user-provided repository URLs and filenames found in the source documentation. In 'input-resolution.md', the 'git clone' command uses a 'project-name' derived from the last URL segment without sanitization, allowing for arbitrary command execution via shell metacharacters. Similarly, 'extraction-patterns.md' specifies running 'man -l | col -b' via Bash, where the filename is user-controlled content that can trigger command injection.
  • [PROMPT_INJECTION]: The skill ingests untrusted data from external sources and passes it verbatim to sub-agents such as 'process-siren' and 'general-purpose'. As documented in 'workflow-identification.md', the raw extracted prose is passed to sub-agents without boundary markers or sanitization, exposing the agent to indirect prompt injection from malicious documentation files.
  • [EXTERNAL_DOWNLOADS]: The skill uses 'git clone' to download external content from GitHub repositories specified by the user, which is a core feature but facilitates the execution of untrusted code or content within the agent's worktree.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 29, 2026, 08:42 AM