wiring
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGHCOMMAND_EXECUTIONREMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill promotes executing arbitrary strings via
python -candnpx, which are significant command execution vectors. - [PERSISTENCE] (HIGH): It instructs the agent to modify
.claude/settings.jsonand add scripts to.claude/hooks/, enabling persistent unauthorized code execution. - [PRIVILEGE_MODIFICATION] (MEDIUM): Includes commands to change file permissions (
chmod +x), facilitating the execution of newly created scripts. - [INDIRECT_PROMPT_INJECTION] (HIGH): The skill defines a high-risk capability surface where untrusted data could influence persistent hook registration and command execution without sanitization or boundary markers. Ingestion: .claude/settings.json. Capability: python -c, chmod, hook registration. Sanitization: Absent. Boundary markers: Absent.
Recommendations
- AI detected serious security threats
Audit Metadata