configure-web-session
Warn
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill downloads binaries and installation scripts from well-known technology providers including GitHub, HashiCorp, and PyPI. These include the official Helm installation script and binary releases for Terraform, TFLint, and other tools (Step 3).\n- [COMMAND_EXECUTION]: Generates and executes a bash script (
scripts/install_pkgs.sh) that installs software directly to the/usr/local/binsystem directory. It applieschmod +xto newly created scripts (Step 4).\n- [REMOTE_CODE_EXECUTION]: Configures aSessionStarthook within.claude/settings.jsonto automatically execute the generated installation script whenever a new session begins, establishing a persistence mechanism (Step 5).\n- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it processes external project data.\n - Ingestion points: Reads project configuration files such as
.pre-commit-config.yaml,Chart.yaml, andJustfileto determine tool requirements (Step 1).\n - Boundary markers: No specific delimiters or instructions to ignore embedded commands are used when reading these external files.\n
- Capability inventory: Utilizes
Bashfor script execution andWrite/Editfor modifying configuration and script files (Steps 4 and 5).\n - Sanitization: Lacks explicit validation or sanitization for versions or tool names extracted from project files before they are interpolated into the shell script execution logic.
Audit Metadata