Skills
skills/laurigates/claude-plugins/configure-web-session/Gen Agent Trust Hub

configure-web-session

Pass

Audited by Gen Agent Trust Hub on Apr 21, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Uses dynamic context injection (!command) to discover project files and configures a SessionStart hook in the application settings to automate shell script execution.
  • [EXTERNAL_DOWNLOADS]: Generates installation routines that fetch binaries and setup scripts from well-known repositories at GitHub and Hashicorp.
  • [REMOTE_CODE_EXECUTION]: The resulting shell script executes downloaded content at runtime, including third-party installation scripts like the Helm installer.
  • [PROMPT_INJECTION]: Vulnerable to indirect prompt injection via .pre-commit-config.yaml data ingestion used to determine tool versions. Ingestion points: .pre-commit-config.yaml. Boundary markers: Absent. Capability inventory: Bash and Write. Sanitization: Absent.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 21, 2026, 01:17 AM