octopus-architecture
Fail
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: HIGH
Categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill facilitates command injection by instructing the agent to place user-provided input directly into a bash command string in STEP 2: `orchestrate.sh spawn backend-architect "<user's architecture request>"`. This allows an attacker to escape the double quotes and execute arbitrary shell commands.
- [COMMAND_EXECUTION]: The skill requires the execution of multiple bash scripts located in the user's home directory (`~/.claude-octopus/`), which are external dependencies that the agent is forced to run.
- [PROMPT_INJECTION]: The skill employs 'MANDATORY', 'ENFORCED', and 'PROHIBITED' directives to override the agent's standard behavior. It specifically commands the agent not to design architecture directly or 'simulate' the workflow, forcing the execution of scripts regardless of the user input's safety.
Recommendations
- AI detected serious security threats