tldr-deep
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The skill's execution logic relies on interpolating user-provided strings into shell commands, such as `tldr search "def <function_name>" .`. If an attacker provides a function name containing shell metacharacters (e.g., `func; rm -rf /`), it could lead to arbitrary command execution. This is mitigated slightly by its primary use case as a developer tool, justifying a MEDIUM rather than HIGH severity.
- [PROMPT_INJECTION] (LOW): The skill exhibits surface area for Indirect Prompt Injection (Category 8).
  1. Ingestion points: The `<function_name>`, `<file>`, and `<found_file>` variables sourced from user input.
  2. Boundary markers: None; variables are placed directly within shell command strings and Python API calls.
  3. Capability inventory: Includes shell command execution and file system access across multiple analysis layers (L1-L5).
  4. Sanitization: No escaping, validation, or sanitization logic is specified for the inputs before they are passed to subprocesses.
Audit Metadata