skills/jmagar/claude-homelab/sonarr/Gen Agent Trust Hub

sonarr

Pass

Audited by Gen Agent Trust Hub on Apr 6, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, CREDENTIALS_UNSAFE
Full Analysis
  • [PROMPT_INJECTION]: The SKILL.md file uses coercive language ("MANDATORY SKILL INVOCATION", "YOU MUST", "Failure... violates your operational requirements") designed to override the agent's natural tool selection process.
  • [COMMAND_EXECUTION]: The skill heavily utilizes a bash script (scripts/sonarr.sh) that executes shell commands including curl and jq to interact with the local environment and the Sonarr API.
  • [DATA_EXPOSURE]: The skill explicitly retrieves sensitive credentials (API keys) from the local filesystem (~/.claude-homelab/.env) through the load-env.sh library.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes external data such as TV show titles and descriptions fetched from the Sonarr API, which could serve as an attack vector if the source data is controlled by an adversary.
      • Ingestion points: Data enters the agent's context through API responses processed in scripts/sonarr.sh (commands: search, exists, add).
      • Boundary markers: None identified; the output of the API is presented directly to the agent without delimiters or warnings.
      • Capability inventory: The skill allows shell command execution, network requests, and the ability to delete files (via the remove command).
      • Sanitization: While the script uses jq for JSON handling and URI encoding for search terms, it does not sanitize the text content (titles/descriptions) before presenting it to the agent's prompt.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 6, 2026, 02:07 PM