cogames-command
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
Findings: COMMAND_EXECUTION, PROMPT_INJECTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill instructions in SKILL.md explicitly direct the agent to 'run the command' (uv run cogames ...) built from user-controlled inputs like 'mission' and 'variants'. This provides a direct path for executing arbitrary shell commands if a user provides malicious input (e.g., using command separators like ';' or '&&').
- [PROMPT_INJECTION] (HIGH): The skill has a significant Indirect Prompt Injection surface.
  1. Ingestion points: 'mission', 'variants', 'policy/run id', 'cogs', and 'repeats' parameters provided by the user.
  2. Boundary markers: Absent; no delimiters or instructions to ignore embedded commands are specified.
  3. Capability inventory: The skill has the capability to execute system commands via the 'uv run' tool.
  4. Sanitization: Absent; there is no logic provided to escape or validate user inputs before they are interpolated into the shell command.
- [REMOTE_CODE_EXECUTION] (HIGH): Through the command injection vulnerability described above, an attacker can achieve arbitrary remote code execution on the host system where the agent is running.
- [EXTERNAL_DOWNLOADS] (MEDIUM): The use of 'uv run cogames' implies that the 'cogames' package and its dependencies may be dynamically downloaded from external registries at runtime if not already present, posing a risk of executing unverified or malicious code from remote sources.
Recommendations
- AI detected serious security threats