handoff
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (COMMAND_EXECUTION, REMOTE_CODE_EXECUTION)
Full Analysis
- COMMAND_EXECUTION (HIGH): The skill instructs the agent to use a shell command, echo "PROMPT_CONTENT" | pbcopy, to interact with the host system. This is an unnecessary use of the shell for a clipboard operation that can be exploited if the content is not strictly controlled.
- REMOTE_CODE_EXECUTION (HIGH): Because PROMPT_CONTENT is dynamically generated from the conversation history—an untrusted source that can include attacker-influenced data—an attacker can inject shell metacharacters (such as backticks, $(), or semicolons). These characters will be evaluated by the system shell when the agent executes the output command, leading to arbitrary code execution.
- INDIRECT_PROMPT_INJECTION (HIGH): This skill exhibits a severe vulnerability surface (Category 8) due to the combination of untrusted data ingestion and dangerous capabilities.
  * Ingestion points: The skill analyzes the 'Current Session', which frequently contains data from external web pages, files, or user-provided content.
  * Boundary markers: There are no delimiters or instructions provided to the agent to sanitize or ignore malicious payloads within the session data.
  * Capability inventory: The skill possesses the ability to execute shell commands.
  * Sanitization: No escaping or validation logic is present; the skill directs the agent to place raw content directly into a bash string template.
Recommendations
- AI detected serious security threats
Audit Metadata