bash-script-generator
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- Indirect Prompt Injection (HIGH): The skill creates a high-risk vulnerability surface by combining user-controlled input with file-writing and permission-granting capabilities.
  - Ingestion points: User input gathered via FORMS.md (script purpose, parameters, flags, and main logic) is used to populate TEMPLATE.md.
  - Boundary markers: None. There are no instructions to the agent to sanitize or escape the user's input before embedding it into the script template.
  - Capability inventory: According to WORKFLOW.md step 3, the agent is instructed to output the script to a user-defined path and grant execution permissions (chmod +x).
  - Sanitization: None. The agent is not instructed to validate the safety of the generated code or the target file path.
- Privilege Escalation & Dynamic Execution (MEDIUM): The workflow explicitly requires the agent to grant execution permissions to files it has just generated. If an attacker can inject malicious code into the 'purpose' or 'logic' fields, the agent effectively creates and weaponizes a backdoor on the local system.
- Metadata Deception (LOW): While the skill claims to produce 'robust' and 'safe' scripts using best practices like set -Eeuo pipefail, these safety measures only protect against accidental errors in the generated script and do nothing to prevent the generation of intentionally malicious commands.
Recommendations
- AI detected serious security threats