bytestash

Warn

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: MEDIUM. Findings: PROMPT_INJECTION, DATA_EXFILTRATION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The SKILL.md file contains a 'MANDATORY SKILL INVOCATION' section using coercive language ('YOU MUST', 'Failure... violates your operational requirements') intended to force the agent to use the skill and bypass its standard decision-making process.
  • [DATA_EXFILTRATION]: The push command in scripts/bytestash-api.sh performs arbitrary file reads via cat and transmits the content to a remote URL. This creates a high-risk capability for data exfiltration if the agent is manipulated into reading sensitive system or configuration files.
  • [COMMAND_EXECUTION]: The wrapper script executes shell commands such as curl and jq using variables constructed from file contents and user-provided arguments. This represents a potential execution risk if malicious content is injected into snippet files or metadata processing.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it retrieves and displays untrusted content (snippet code and descriptions) from an external API.
  • Ingestion points: scripts/bytestash-api.sh (via api_request function calls to the ByteStash API).
  • Boundary markers: None are used when presenting retrieved snippet data to the agent.
  • Capability inventory: The skill has network access, file system read access, and destructive deletion capabilities.
  • Sanitization: No sanitization or validation of the retrieved content is performed before presentation to the agent.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 7, 2026, 05:33 PM