tv-spelunk

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • COMMAND_EXECUTION (MEDIUM): The skill workflow explicitly directs the agent to execute rg (ripgrep) and sed via the shell. The <pattern> and <file> variables are interpolated directly into these commands. If the agent processes a malicious search pattern (e.g., containing shell metacharacters like ;, |, or `) without proper escaping, it could lead to arbitrary command execution on the local system.
  • PROMPT_INJECTION (MEDIUM): (Category 8: Indirect Prompt Injection) The skill is designed to ingest and summarize content from the codebase (src, docs). This represents a significant attack surface for indirect prompt injection.
      • Ingestion points: Standard output of rg -n and sed -n '1,240p'.
      • Boundary markers: None. The content is read and passed directly to the summarization step without delimiters or instructions to ignore embedded commands.
      • Capability inventory: Local file reading and shell command execution (rg, sed).
      • Sanitization: No sanitization or validation of the retrieved file content is performed before the agent processes it for summarization.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 16, 2026, 01:01 PM