document-merger

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The skill's primary purpose is to process and merge external documents (Ingestion point: Files read via the Read tool). It lacks boundary markers, delimiters, or explicit instructions to sanitize or ignore embedded natural language commands. An attacker could embed malicious instructions within a document that, when processed, could manipulate the agent's behavior.
  • [Command Execution] (HIGH): The skill explicitly requests the Bash tool in its allowed-tools metadata. When combined with the high-risk ingestion of untrusted document content (Category 8), this provides a direct path for Remote Code Execution (RCE) if an indirect prompt injection succeeds.
  • [No Code] (INFO): The skill consists only of a SKILL.md file with no accompanying scripts or implementation logic. While this reduces immediate static risks from the skill's own code, it increases reliance on the agent's interpretation of external data while holding high privileges.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 17, 2026, 12:00 AM