copy-agent

Warn

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: MEDIUM

COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to use shell utilities (ls, mkdir, cp) to manage agent metadata and configuration files within the user's home and project directories.
  • [COMMAND_EXECUTION]: Variables derived from user input, such as {plugin} and {agent-name}, are inserted directly into shell command strings (e.g., mkdir -p {destination_dir}). The absence of sanitization or validation logic for these inputs creates a vulnerability where malicious strings containing shell metacharacters or path traversal sequences (e.g., ../) could be used to execute unintended commands or access unauthorized file paths.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 10, 2026, 06:50 AM