skills/neversight/skills_feed/explain/Gen Agent Trust Hub

explain

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION] (HIGH): The skill templates bash commands by directly interpolating the user-provided $TARGET variable into strings such as test -f "$TARGET" and ast-grep -p "function $TARGET". This lack of sanitization allows for arbitrary command execution on the host if the target string contains shell metacharacters (e.g., ; rm -rf /).
  • [PROMPT_INJECTION] (HIGH): The skill is highly susceptible to Indirect Prompt Injection (Category 8) as it is designed to ingest and explain untrusted external code.
    • Ingestion points: Uses Read, Grep, and Glob tools to collect content from files and directories specified by the user or found via symbol search.
    • Boundary markers: Absent; the skill does not use delimiters or provide 'ignore instructions' warnings to the expert agents when processing ingested content.
    • Capability inventory: The agent has access to Bash for command execution and the Task tool for calling other agents, and it can modify the filesystem (e.g., updating ARCHITECTURE.md).
    • Sanitization: No validation or filtering is performed on ingested code content before it is processed, allowing malicious comments or documentation to influence the agent's behavior.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 07:56 AM