analyze-app
Fail
Audited by Gen Agent Trust Hub on Feb 14, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- COMMAND_EXECUTION (HIGH): The skill performs unsafe string interpolation of the user-provided 'app-path' argument into bash commands within the Task tool (e.g., `plutil -p '<app_path>/Contents/Info.plist'`). A malicious actor can provide a path containing single quotes and shell metacharacters to break out of the quoted string and execute arbitrary commands on the host system.
- PROMPT_INJECTION (HIGH): The skill is highly vulnerable to Indirect Prompt Injection (Category 8) because it extracts untrusted data from the local filesystem (application metadata, file names, and binary strings) and passes it directly into an LLM-based subagent for analysis and reporting.
  - Ingestion points: File SKILL.md, Step 3 (Bash outputs from `plutil`, `ls`, and `strings` commands).
  - Boundary markers: Absent. The data is concatenated directly into the subagent's prompt without delimiters or instructions to ignore embedded commands.
  - Capability inventory: The subagent has `Bash` execution privileges via the Task tool.
  - Sanitization: Absent. No validation or escaping is performed on the data read from the application bundle before it is processed by the subagent.
Recommendations
- AI detected serious security threats
Audit Metadata