integrate-command
Warn
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses shell commands such as
find,ls,cp, andcatwith variables${command-name}and${plugin}directly interpolated from user input. This creates a risk of command injection if the underlying agent does not properly escape or validate these inputs before execution. - [DATA_EXFILTRATION]: The skill explicitly searches and reads from
~/.claude/, a directory that may contain sensitive information such as user preferences, command history, or private instruction sets. Accessing these files can expose sensitive data to the agent's context or to malicious files being integrated. - [PROMPT_INJECTION]: The skill creates a surface for indirect prompt injection by importing external markdown files into the plugin environment.
- Ingestion points: Untrusted files are read from
~/.claude/*/commands/and.claude/*/commands/(SKILL.md). - Boundary markers: There are no markers or instructions to isolate or ignore embedded prompts within the source files.
- Capability inventory: The skill utilizes shell execution and file system operations (
cp,cat,find). - Sanitization: No content validation or filtering is performed on the integrated files before they are made available to the agent.
Audit Metadata