telegram-send
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- COMMAND_EXECUTION (MEDIUM): The skill instructions specify the execution of a Python script using directory traversal (${CLAUDE_PLUGIN_ROOT}/../community-agent/tools/persona_status.py). This technique attempts to access and execute code outside of the skill's isolated directory, which can be used to execute unauthorized or malicious scripts present in adjacent folders.
- PROMPT_INJECTION (LOW): The skill mandates that the agent execute a script and adopt its output as its core persona and instructions. This creates a vulnerability where the output of an external script—which may be untrusted or susceptible to manipulation—can override the agent's behavior, communication style, and safety constraints.
Audit Metadata