build-artifacts
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- COMMAND_EXECUTION (HIGH): The skill takes the `{config_name}` and `{version}` from user input and places them directly into shell commands like `cat`, `find`, and `du`. An attacker can execute arbitrary commands by supplying metacharacters in the arguments (e.g., `lib; uname -a; @1.0`).
- PROMPT_INJECTION (LOW): The skill is vulnerable to indirect prompt injection (Category 8).
  - Ingestion points: It reads all documentation files in the `contents/` directory of the target package.
  - Boundary markers: None present. There are no instructions to the agent to treat the documentation as untrusted data.
  - Capability inventory: The skill has filesystem access (read/write) and the ability to execute system commands via the shell.
  - Sanitization: There is no evidence of sanitization or escaping of the ingested content before it is used to generate new skill files.
Recommendations
- AI detected serious security threats
Audit Metadata