note-search
Fail
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: HIGH
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (HIGH): The skill executes shell commands (grep, ls) that interpolate user-provided search terms and options without sanitization. An attacker could provide input containing shell metacharacters (e.g., '; rm -rf /') to execute arbitrary commands on the host system.
- PROMPT_INJECTION (LOW): The skill is susceptible to indirect prompt injection by reading contents from the notes/ directory which may be attacker-controlled.
  - Ingestion points: Any file matching the notes/ directory structure or SKILL.md files within.
  - Boundary markers: Absent; there are no delimiters or instructions to ignore embedded commands.
  - Capability inventory: The skill has the ability to execute grep and ls shell commands.
  - Sanitization: Absent; the content is searched and displayed directly without filtering.
Recommendations
- AI detected serious security threats