hard-fix
Warn
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands (e.g., grep -ri "<keywords>" docs/log/) using unvalidated user-provided input. This pattern is vulnerable to command injection if the agent does not properly sanitize the input before shell execution.
- [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection because it processes data from untrusted or external sources, including project documentation and library source code.
  - Ingestion points: Files in docs/, docs/log/, and various library directories such as node_modules, site-packages, and vendor.
  - Boundary markers: None identified; instructions are mixed with data during the synthesis of findings.
  - Capability inventory: Shell command execution (grep, ls) and various sub-agent tool calls with broad system access.
  - Sanitization: No evidence of input validation or output sanitization before the synthesis of findings or during the parallel investigation phase.
Audit Metadata