skills/jeremylongshore/claude-code-plugins-plus-skills/artillery-config-generator/Gen Agent Trust Hub
artillery-config-generator
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTIONNO_CODE
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill exposes a high-severity attack surface by combining untrusted data ingestion with powerful tool capabilities. 1. Ingestion points: User-specified performance testing parameters used to generate configurations. 2. Boundary markers: Absent from the skill definition. 3. Capability inventory: 'Bash', 'Write', and 'Edit' tools are enabled in the YAML frontmatter. 4. Sanitization: No documented methods for input validation or escaping.
- [Command Execution] (HIGH): The skill explicitly requests the 'Bash' tool, allowing for potential arbitrary shell command execution, which is particularly dangerous when the skill's purpose involves generating code.
- [No Executable Code] (INFO): Only the SKILL.md manifest was provided for analysis; the absence of implementation scripts (Python/JavaScript) prevents a complete audit of the runtime behavior and safety logic.
Recommendations
- AI detected serious security threats
Audit Metadata