claude-skills

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • COMMAND_EXECUTION (HIGH): The skill frontmatter allowed-tools includes Bash, Write, and Edit, bypassing user permission prompts for arbitrary shell command execution and file modification.
  • REMOTE_CODE_EXECUTION (HIGH): The 'Dynamic Context Injection' feature automatically executes shell commands contained within backticks (e.g., `git status`) when the skill is loaded, providing a direct path for RCE if the skill content is untrusted.
  • PROMPT_INJECTION (HIGH): The skill interpolates user input via the $ARGUMENTS variable without sanitization or boundary markers. Combined with unprompted high-privilege tool access, this creates a severe surface for indirect prompt injection attacks where malicious input can execute unauthorized commands.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 06:14 AM