versioning-skills

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The skill exposes a broad attack surface by unzipping and processing untrusted external data.
      • Ingestion points: User-provided ZIP files are unzipped from /mnt/user-data/uploads/ to /home/claude/compare/ (SKILL.md lines 143-144).
      • Boundary markers: Absent. The skill does not use delimiters or instructions to ignore malicious content within the unzipped files.
      • Capability inventory: The skill executes unzip, git init, git add ., and git diff on the unzipped content, providing high capability to interact with the file system (SKILL.md lines 143-148).
      • Sanitization: Absent. There is no validation of ZIP contents, file paths (Zip Slip protection), or file names before they are processed by shell commands.
  • [Command Execution] (MEDIUM): The skill relies on powerful shell commands to manage files and state, which could be subverted if the environment is poisoned by malicious files.
      • Evidence: Extensive use of git commands, including git reset --hard (SKILL.md line 92) and git restore . (SKILL.md line 102), which can lead to data loss or modification based on the repository state.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 05:03 AM