Skills
skills/laurigates/claude-plugins/ha-validate/Gen Agent Trust Hub

ha-validate

Fail

Audited by Gen Agent Trust Hub on Apr 21, 2026

Risk Level: HIGHCOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill interpolates the path argument directly into multiple shell commands, including find, grep, and python3 -c. This allows an attacker to execute arbitrary commands by providing a malicious path string (e.g., ; malicious_command).
  • [COMMAND_EXECUTION]: The skill utilizes the dynamic context injection syntax !find {{ path or '.' }} to execute a shell command during the skill loading phase. This execution path incorporates the user-supplied path argument, creating a silent command injection vector that triggers immediately when the skill is loaded by the environment.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Apr 21, 2026, 01:17 AM