workspace-services

Fail

Audited by Gen Agent Trust Hub on Mar 27, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The shell script scripts/services.sh uses the eval command to execute strings parsed directly from external configuration files via the get_ws_command function. This executes the configuration content as active shell code.
  • [REMOTE_CODE_EXECUTION]: Because the skill executes commands defined in project files that may originate from untrusted sources (e.g., cloned GitHub repositories), it facilitates remote code execution. An attacker can embed malicious logic in the start-all or stop-all commands of a project.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through manipulated project metadata.
      • Ingestion points: Data is read from WORKSPACE.md and package.json in the scripts/services.sh script.
      • Boundary markers: No boundary markers or 'ignore' instructions are used when processing these files.
      • Capability inventory: The skill can execute arbitrary shell commands, manage processes, and navigate the filesystem.
      • Sanitization: There is no sanitization or validation of the commands fetched from external files before they are passed to the shell.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 27, 2026, 08:07 PM