Skills
skills/jmagar/claude-homelab/bytestash/Gen Agent Trust Hub

bytestash

Pass

Audited by Gen Agent Trust Hub on Apr 19, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The SKILL.md file uses behavioral override patterns to force the agent to use the skill. It includes phrases such as "⚠️ MANDATORY SKILL INVOCATION ⚠️", "YOU MUST invoke this skill (NOT optional)", and claims that failing to do so "violates your operational requirements".
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted code and file contents.
  • Ingestion points: Data enters the agent context via the --code and --files arguments in scripts/bytestash-api.sh.
  • Boundary markers: There are no explicit delimiters or instructions to ignore commands hidden within the ingested code snippets.
  • Capability inventory: The skill can execute shell commands (curl, cat, jq) through its wrapper script.
  • Sanitization: The script uses jq to properly encode the data into JSON format before transmission.
  • [COMMAND_EXECUTION]: The skill invokes a shell script (scripts/bytestash-api.sh) which executes various system commands to interact with the ByteStash API.
  • [DATA_EXFILTRATION]: The push functionality in scripts/bytestash-api.sh reads local file contents using cat and transmits them to a remote URL using curl. While this is the primary purpose of the skill, it represents a data transmission channel that could be used for exfiltration if the target URL is maliciously configured.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 19, 2026, 02:57 AM