doc-creation
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to run a bash script located at
${CLAUDE_PLUGIN_ROOT}/scripts/index-query.shusing the bash interpreter. This reliance on a local script depends on the agent's environment and terminal access. - [PROMPT_INJECTION]: An indirect prompt injection surface is created by passing the
$TARGET_PATHvariable directly into a shell command. Ingestion points: The$TARGET_PATHvariable derived from the file creation context. Boundary markers: None identified. Capability inventory: Ability to execute bash scripts via the terminal. Sanitization: The instruction uses double-quoting and thedirnameutility to wrap the variable, which offers some mitigation against simple path manipulation but does not fully eliminate the injection risk if the variable contains more complex shell metacharacters.
Audit Metadata