skills/olino3/forge/test-cli-tools/Gen Agent Trust Hub

test-cli-tools

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (HIGH): The file scripts/test_runner.py utilizes subprocess.run(command, shell=True) where command is derived directly from user-provided CLI arguments. This pattern is highly susceptible to shell injection attacks, allowing an attacker or a malicious tool definition to execute unintended system commands.
  • [PROMPT_INJECTION] (LOW): The skill exhibits an indirect prompt injection surface (Category 8). It ingests untrusted data from CLI tool outputs (stdout, stderr) and interpolates them into markdown templates in templates/failure_report_template.md and templates/test_report_template.md without sanitization. If a tool's output contains malicious instructions, they may influence the agent's future actions when it reads the generated reports.
    • Ingestion points: scripts/test_runner.py (lines 43-44) captures tool output.
    • Boundary markers: Uses markdown code blocks (```) but lacks explicit 'ignore instructions' warnings.
    • Capability inventory: Full shell access via subprocess.run (line 39).
    • Sanitization: No escaping or validation is performed on the stdout/stderr strings before template injection.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 17, 2026, 06:45 PM