project-skill-scripts
Warn
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes dynamic context injection (the `!` syntax) in the `SKILL.md` file to automatically execute shell commands (`git rev-parse` and `find`) when the skill is loaded.
- [REMOTE_CODE_EXECUTION]: The execution workflow relies on an external bash script located at `${CLAUDE_PLUGIN_ROOT}/skills/project-discovery/scripts/analyze-skills.sh`, which is invoked with subshell arguments.
- [COMMAND_EXECUTION]: The skill includes instructions to modify file system permissions using `chmod +x` on scripts it generates at runtime.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it parses the natural language instructions of other skill files to determine the logic for generating new executable scripts.
  - Ingestion points: Reads and analyzes `SKILL.md` files belonging to various plugins in Step 2.
  - Boundary markers: No explicit delimiters or instructions are used to prevent the agent from following malicious commands embedded in the analyzed skill files.
  - Capability inventory: The skill has the ability to write files, edit content, and make files executable (`chmod +x`).
  - Sanitization: There is no evidence of sanitization or validation of the content read from external skills before it is used to template new scripts.
Audit Metadata