evaluate-skill
Fail
Audited by Gen Agent Trust Hub on Apr 15, 2026
Risk Level: HIGH
Category: COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses dynamic context injection syntax (`!find $1/skills...`) in the Context section of SKILL.md. This pattern executes shell commands at the moment the skill is loaded. Because the user-provided argument `$1` is interpolated directly into the command string without sanitization, an attacker can provide a skill name containing shell metacharacters (such as `;`, `&`, or `$()`) to execute arbitrary commands on the host system.
- [COMMAND_EXECUTION]: The skill triggers the execution of local shell scripts (`scripts/plugin-compliance-check.sh` and `evaluate-plugin/scripts/aggregate_benchmark.sh`) using the bash utility. While these are local references, the safety of this operation is contingent on the integrity and sanitization logic within those external scripts.
Recommendations
- AI detected serious security threats
Audit Metadata