blueprint-workspace-scan

Fail

Audited by Gen Agent Trust Hub on Apr 21, 2026

Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The instruction template in SKILL.md interpolates the $ARGUMENTS variable directly into a shell command line (bash ".../workspace-scan.sh" ... $ARGUMENTS). Unless the platform validates that input before substitution, whoever controls the arguments can append shell metacharacters and run arbitrary commands alongside the intended script. Note that quoting the interpolation ("$ARGUMENTS") only stops command injection; the caller can still pass unintended flags or paths to the script (argument injection), so the arguments also need to be validated against what the script expects.
  • [COMMAND_EXECUTION]: The skill uses dynamic context injection (the !command syntax) in the SKILL.md frontmatter and context sections. The find and date commands embedded there run automatically at the moment the skill is loaded into the agent's environment, before any user instruction, which amounts to silent filesystem reconnaissance and information gathering.
  • [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface by recursively reading manifest.json and feature-tracker.json files from arbitrary subdirectories of a monorepo. Because the contents of those files are processed and summarized by the agent, anyone who can commit to any project in the monorepo can place instructions inside a manifest to steer or hijack the agent's behavior during the summary or next-step phases.
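The following is an added example, not code from the audited skill or from Gen Agent Trust Hub. It models the first finding with a constructed stand-in for workspace-scan.sh: the template line is expanded as text and handed to a shell (modelled with eval), then the same call is shown with quoting only, and finally with each argument validated against an allowlist and passed as a separate argv word. The flags --json and --depth=N and the function names are assumptions made for the demonstration.

```bash
#!/usr/bin/env bash
# Added example (not the audited skill's code). Models the pattern
# "bash .../workspace-scan.sh ... $ARGUMENTS" with a constructed stand-in script.
set -eu

# Stand-in for workspace-scan.sh: prints the argv it actually received.
scan_script() {
  printf 'argc=%d' "$#"
  for a in "$@"; do printf ' [%s]' "$a"; done
  printf '\n'
}

# Vulnerable: the platform substitutes the user's text into the command line and
# hands the result to a shell, so the text is re-parsed as shell syntax.
# eval models that substitute-then-execute step.
run_unsafe() {
  eval "scan_script --root . $1"
}

# Partial fix: quoting "$ARGUMENTS" stops command injection, but the caller still
# controls one argv word and can smuggle in a flag such as --output=/etc/cron.d/job.
run_quoted_only() {
  scan_script --root . "$1"
}

# Hardened: take the already-split words, allowlist each one, and pass them as
# separate argv entries so nothing is re-parsed by a shell. (--json and --depth=N
# are hypothetical flags the stand-in script is assumed to accept.)
run_safe() {
  local arg
  for arg in "$@"; do
    case "$arg" in
      --json|--depth=[0-9]|--depth=[0-9][0-9]) ;;              # explicitly allowed flags
      -*) printf 'rejected flag: %s\n' "$arg" >&2; return 2 ;;
      ''|*[!A-Za-z0-9._/-]*)
          printf 'rejected characters in: %s\n' "$arg" >&2; return 2 ;;
      ..|../*|*/..|*/../*)
          printf 'rejected path escape: %s\n' "$arg" >&2; return 2 ;;
    esac
  done
  scan_script --root . "$@"
}

# Demonstration (safe to run: the injected command only echoes a marker).
run_unsafe 'src; echo INJECTED-BY-ARGUMENTS'
run_quoted_only 'src; echo INJECTED-BY-ARGUMENTS'
run_safe 'src; echo INJECTED-BY-ARGUMENTS' || printf 'run_safe refused, status %s\n' "$?"
```

The allowlist is deliberately strict: anything outside `[A-Za-z0-9._/-]` is refused, a leading `-` is refused unless the flag is one the script is known to accept, and `..` path segments are refused so the scan cannot be pointed outside the workspace. Loosen it only for characters the script genuinely needs.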
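A pre-install check for the second finding, added here as an example and not part of the audited skill or the audit tooling: it reads a SKILL.md, lists every command a dynamic context directive would run at load time, and reports each line where $ARGUMENTS is spliced into a command line, distinguishing unquoted (command injection) from quoted (argument injection). It assumes the directive syntax is !`command` with backticks, and the SKILL.md excerpt below is constructed to resemble the audit's description, not the real file.

```bash
#!/usr/bin/env bash
# Added example, not the audited skill's code or the audit tool's code.
# Assumes dynamic context directives look like !`command`; adjust the sed
# pattern if the platform uses a different form.
set -eu

# Constructed SKILL.md excerpt shaped like the audit's description (not the real file).
SAMPLE_SKILL='---
name: workspace-scan
description: Summarise every project in a monorepo
context: !`find . -maxdepth 3 -name manifest.json -o -name feature-tracker.json`
generated: !`date -u +%Y-%m-%dT%H:%M:%SZ`
---
Run: bash "${SKILL_DIR}/scripts/workspace-scan.sh" --root "$(pwd)" $ARGUMENTS
Then read each manifest.json and feature-tracker.json and summarise it.'

# Commands that would execute the moment the skill is loaded, one per line.
load_time_commands() {
  printf '%s\n' "$1" | sed -n 's/^[^`]*!`\([^`]*\)`.*$/\1/p'
}

# Lines where $ARGUMENTS reaches a command line, prefixed with the line number.
# Unquoted means shell re-parsing (command injection); quoted still hands the
# caller one whole argv word (argument injection).
argument_sinks() {
  printf '%s\n' "$1" | grep -n '\$ARGUMENTS' | while IFS= read -r hit; do
    case "$hit" in
      *'"$ARGUMENTS"'*) printf 'quoted   %s\n' "$hit" ;;
      *)                printf 'unquoted %s\n' "$hit" ;;
    esac
  done
}

# Install gate: status 0 only if nothing runs on load and no user input reaches a shell.
review_skill() {
  cmds=$(load_time_commands "$1")
  sinks=$(argument_sinks "$1")
  [ -n "$cmds" ]  && printf 'Runs on load:\n%s\n' "$cmds"
  [ -n "$sinks" ] && printf 'User input reaches a command line:\n%s\n' "$sinks"
  if [ -n "$cmds" ] || [ -n "$sinks" ]; then return 1; fi
  return 0
}

review_skill "$SAMPLE_SKILL" || printf 'verdict: do not install (status %s)\n' "$?"
```

Run it against a real SKILL.md with `review_skill "$(cat path/to/SKILL.md)"`; a non-zero status is the signal to read the listed commands yourself before the agent loads the skill.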
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Apr 21, 2026, 01:17 AM