anachb
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: CRITICAL (COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION] (CRITICAL): All provided shell scripts (`search.sh`, `departures.sh`, `route.sh`, `disruptions.sh`) are vulnerable to arbitrary shell command injection due to unsafe interpolation of user-controlled variables.
  - Evidence: In `search.sh`, the variable `$QUERY` is interpolated as `'"$QUERY"'` within the `curl -d` argument. Because the variable is expanded outside of the single-quoted string, a payload like `'; touch /tmp/pwned #` will terminate the `curl` command and execute the injected command.
  - Impact: An attacker can execute any command with the privileges of the agent process.
- [REMOTE_CODE_EXECUTION] (HIGH): The command injection vulnerability enables the execution of remote code by allowing an attacker to use `curl` or `wget` to download and run malicious scripts.
- [DATA_EXFILTRATION] (HIGH): Through command injection, an attacker can access sensitive environment variables, system files (e.g., `/etc/passwd`), or cloud metadata, and exfiltrate them to an external server.
- [PROMPT_INJECTION] (HIGH): Category 8: The skill ingests untrusted external data from the HAFAS API which could contain malicious instructions designed to override agent behavior.
  - Ingestion points: `search.sh`, `departures.sh`, `route.sh`, and `disruptions.sh` all retrieve data from `https://vao.demo.hafas.de/gate`.
  - Boundary markers: None identified. The raw API output is processed by `jq` and returned to the agent.
  - Capability inventory: The skill utilizes subprocess execution (`curl`, `jq`).
  - Sanitization: None. Data from the API (such as station names or disruption messages) is passed directly into the agent's context.
Recommendations
- AI detected serious security threats
Audit Metadata