root-cause-tracing
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION)
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The find-polluter.sh script is vulnerable to command injection via crafted filenames.
  - Evidence: In find-polluter.sh, the execution of npm test "$TEST_FILE" allows for shell command substitution. If an attacker can create a file named with backticks or dollar-parenthesis syntax, the shell will execute those commands when the agent runs the script.
  - Evidence: The script uses unquoted variable expansion for TEST_FILES=$(find ...), leading to word-splitting and incorrect behavior with filenames containing spaces.
- [INDIRECT_PROMPT_INJECTION] (MEDIUM): The skill creates a vulnerability surface by processing untrusted filesystem data (filenames) and using them in execution.
  - Ingestion points: find-polluter.sh reads file paths from the local directory using the find command.
  - Boundary markers: None are present to distinguish between legitimate test files and attacker-created files.
  - Capability inventory: The script performs subprocess execution of npm test.
  - Sanitization: Only basic double-quoting is used, which is insufficient to prevent command substitution in shell environments.