Skills
skills/jeremylongshore/claude-code-plugins-plus-skills/retention-calculator/Gen Agent Trust Hub

retention-calculator

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The skill is designed to process external analytics content but lacks safety guardrails such as boundary markers or explicit instructions to ignore embedded commands.
  • Ingestion points: Untrusted data files (SQL, CSV, logs) containing 'retention calculator' keywords.
  • Boundary markers: Absent.
  • Capability inventory: Bash, Write, Edit, Read, and Grep.
  • Sanitization: Absent.
  • [Command Execution] (HIGH): By explicitly enabling the 'Bash' tool, the skill provides a mechanism for remote code execution if the agent is influenced by malicious instructions embedded in the data it is tasked to analyze.
  • [Data Exposure] (MEDIUM): The combined access to Bash and file-reading tools (Read, Grep) without restrictive pathing allows an attacker to read sensitive local files or environment variables via prompt injection.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 09:12 AM