table-image
Fail
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: HIGH
Findings: COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill constructs a bash command by directly interpolating user-provided markdown table content into the command line arguments. In Step 3, the agent is instructed to run `uv run ~/.claude/skills/_generate_image.py "<constructed prompt>"`. Because the user-controlled table is placed within double quotes, an attacker can use shell metacharacters such as backticks (`) or subshell syntax ($(...)) to execute arbitrary commands on the system.
- [PROMPT_INJECTION]: The skill lacks sanitization or boundary markers for user-provided data. It instructs the agent to paste the full markdown table into a prompt template, which is then used in a command-line tool. Ingestion points: User-provided table in Workflow Step 1. Boundary markers: Absent. Capability inventory: Bash tool usage. Sanitization: Absent.
- [EXTERNAL_DOWNLOADS]: The skill uses `uv run`, a well-known tool, to execute a local script provided by the author. This process may automatically fetch and install Python dependencies from external registries if they are specified in the script's inline metadata.
Recommendations
- AI detected serious security threats
Audit Metadata