dev-server
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- COMMAND_EXECUTION (HIGH): The script 'scripts/check_ports.sh' is vulnerable to command injection. The '$port' argument is passed unquoted and unvalidated into a subshell: '$(lsof -ti :$port)'. This allows an attacker to execute arbitrary shell commands by providing a port value like '3000; [malicious_command]'.
- COMMAND_EXECUTION (MEDIUM): The skill utilizes 'kill -9' to terminate processes. While the skill claims to check for project ownership, the underlying capability allows the agent to kill any process bound to a specified port, which could lead to denial of service or data loss.
- PROMPT_INJECTION (LOW): The skill presents an indirect prompt injection surface (Category 8). Evidence:
  1. Ingestion points: 'scripts/check_ports.sh' reads process metadata (command lines and working directories) via 'ps' and 'lsof'.
  2. Boundary markers: Absent.
  3. Capability inventory: Process termination ('kill -9') and system scanning ('lsof', 'ps').
  4. Sanitization: None; output from system tools is ingested as raw text, which could contain malicious instructions embedded in process names or paths.
Recommendations
- AI detected serious security threats
Audit Metadata