check-metadata-typos
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill interpolates the user-provided input 'STEP_PATH' directly into a shell command in Step 2: '.venv/bin/codespell "${STEP_PATH}"/*.meta.yml'. Because the skill is a text template that the agent fills in before the shell parses the line, the double quotes offer no protection: the substituted value becomes part of the command text itself, so an input such as '$(cmd)' or '`cmd`' is parsed as a command substitution and executed. Double quotes would only help if STEP_PATH were a genuine shell variable expanded at run time, since the result of a variable expansion is not re-parsed for substitutions. Validate STEP_PATH against an allow-list pattern before use and pass it to the tool as a real argument rather than pasting it into the command text.
- [EXTERNAL_DOWNLOADS] (MEDIUM): The implementation runs 'uv add --dev codespell' at run time if the package is missing. This pulls a dependency from the external PyPI registry at execution time without a pinned version or hash, so what gets installed cannot be verified in advance and may change between runs. Pin the dependency in the project's lockfile and install it ahead of time rather than on demand.
- [PROMPT_INJECTION] (HIGH): The skill is vulnerable to indirect prompt injection (Category 8).
  - Ingestion points: data is read from '.meta.yml' and '.dvc' files.
  - Boundary markers: no delimiters or 'ignore embedded instructions' warnings are placed around the ingested content.
  - Capability inventory: the skill uses 'sed -i' for in-place file modification and runs 'codespell' via subprocess calls.
  - Sanitization: content from the metadata files is not sanitized before it is processed or presented to the agent, so instructions embedded in a metadata file can influence the agent's behaviour and drive the file-modification capability listed above.
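As an added example, not part of the audit and not the skill's own code, the following POSIX shell script shows why the quoting in Step 2 does not help once the value is substituted into the command text, contrasts that with a real variable expansion, and gives one way to validate STEP_PATH before it reaches codespell. The function names, the injected value and the use of printf in place of codespell are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not the skill's own code. Shows template interpolation
# (the skill's situation) versus real shell variable expansion, and an
# allow-list check for STEP_PATH. All names here are constructed.

# Constructed malicious input: a "path" carrying a command substitution.
# The injected command only writes a marker to stderr.
INJECTED_PATH='$(echo PWNED >&2)'

# Template case: the agent pastes the value into the command text and the
# shell then parses the result. printf stands in for .venv/bin/codespell so
# the demo runs anywhere. The quotes are still there, but $(...) is now part
# of the command line itself, so the shell executes it.
templated_step() {
  cmd="printf '%s\n' \"$1\"/*.meta.yml"
  eval "$cmd" 2>&1
}

# Variable case: the value arrives through a shell variable. Expansion
# results are not re-parsed for command substitution, so $(...) stays text.
variable_step() {
  printf '%s\n' "$1"/*.meta.yml 2>&1
}

# Hardening: accept only a conservative path alphabet, no leading dash and
# no parent-directory components. Returns 0 if the value is acceptable.
check_step_path() {
  case $1 in
    ''|-*|..|../*|*/..|*/../*) return 1 ;;
    *[!A-Za-z0-9._/-]*) return 1 ;;
  esac
  return 0
}

# The Step 2 command rewritten to validate first and to pass the path as a
# real argument after '--' so it is never read as an option by the tool.
safe_codespell_step() {
  check_step_path "$1" || { echo "refusing STEP_PATH: $1" >&2; return 2; }
  .venv/bin/codespell -- "$1"/*.meta.yml
}

# Usage: run the two behaviours side by side on the constructed input.
echo "--- template interpolation (marker printed: injected command ran) ---"
templated_step "$INJECTED_PATH"
echo "--- variable expansion (value stays literal) ---"
variable_step "$INJECTED_PATH"
check_step_path "$INJECTED_PATH" || echo "validator rejected: $INJECTED_PATH"
```

The validator is deliberately strict: an allow-list of path characters is easier to reason about than trying to escape shell metacharacters, and rejecting a leading dash and '..' components closes the option-injection and traversal cases at the same time.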
Recommendations
- AI detected serious security threats
Audit Metadata