dnd5e-srd
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [Unverifiable Dependencies & Remote Code Execution] (HIGH): The skill requires the agent to run Python scripts (
search_with_positions.py,expand_context.py) via the shell. Because the agent is instructed to interpolate user-provided search terms directly into these command strings (e.g.,python scripts/search_with_positions.py "search term"), it creates a high-risk command injection vulnerability. A malicious user could provide a search term like"; rm -rf /; "to execute arbitrary system commands. - [Indirect Prompt Injection] (MEDIUM): This is a Retrieval-Augmented Generation (RAG) skill that reads from the
references/directory. - Ingestion points: Data is read from markdown files in
/skills/dnd5e-srd/references/viagrepand Python scripts. - Boundary markers: None identified. The skill does not instruct the agent to use delimiters or ignore instructions found within the retrieved text.
- Capability inventory: The skill has the capability to execute shell commands and read local files.
- Sanitization: There is no evidence of sanitization for the content retrieved from the SRD files or the search terms used to find them. If an attacker can modify the reference files, they can gain control over the agent's behavior.
Recommendations
- AI detected serious security threats
Audit Metadata