error-handling
Warn
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute shell scripts (`search.sh`, `log-error.sh`) using command-line arguments derived from untrusted error messages (e.g., `bash $CLAUDE_PLUGIN_ROOT/scripts/search.sh "<error message>"`). If an error message contains shell metacharacters such as backticks, semicolons, or command substitutions, it could lead to arbitrary command execution if the input is not strictly sanitized by the script or the agent.
- [PROMPT_INJECTION]: The skill possesses a significant indirect prompt injection surface as it is designed to ingest and process error strings from external, untrusted sources including API responses, log files, and web content.
- Ingestion points: Error messages are pulled from terminal stderr, log file contents, and API response bodies.
- Boundary markers: Absent. There are no explicit delimiters or instructions provided to the agent to disregard potential commands embedded within the error strings being processed.
- Capability inventory: The skill has the capability to execute bash scripts and modify files within the plugin root and home directory (`~/.claude/solved-errors.md`).
- Sanitization: While the skill mentions 'Error Normalization' for the purpose of fuzzy matching (stripping UUIDs and line numbers), there is no evidence of security-focused sanitization to prevent the agent from obeying instructions embedded in the ingested data.
Audit Metadata