version-bump

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill processes external content from 'marketplace.json', which acts as a control file for file system operations.
  • Ingestion points: The VersionBumper.discover_plugins method in scripts/bump_version.py reads 'source' paths directly from the JSON input.
  • Boundary markers: None. The agent is instructed to treat the configuration as the source of truth for plugin locations.
  • Capability inventory: The script uses open(path, 'w') to overwrite files based on the 'source' value, enabling arbitrary file writes within the scope of the agent's permissions.
  • Sanitization: The script uses lstrip('./'), which only strips leading '.' and '/' characters and is therefore ineffective against path traversal. An attacker can use sequences like 'plugins/../../' to escape the intended directory and overwrite sensitive files (e.g., shell profiles or configuration files).
  • Command Execution (MEDIUM): The skill automates file modifications based on user-influenced metadata. If an agent is used to evaluate a malicious repository or pull request, it could be coerced into executing these modifications on the host system.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 12:37 PM