peer-review
Warn
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: MEDIUM
Categories: COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions specify executing shell commands via Bash that incorporate a variable named $PROMPT.
- Evidence: The skill body contains commands like `claude --model opus -p "$PROMPT"` and `gemini -m "gemini-3.1-pro-preview" -p "$PROMPT"`.
- Risk: If the data within the $PROMPT variable is not properly escaped or sanitized, an attacker could include shell metacharacters to execute unauthorized commands on the host environment.
- [PROMPT_INJECTION]: The skill implements a workflow that ingests untrusted data to produce prompts for secondary AI models, creating a vulnerability to indirect injection.
- Ingestion points: User-provided tasks or problems defined in the skill's workflow.
- Boundary markers: Absent. There are no instructions to use delimiters or ignore sub-prompts.
- Capability inventory: Access to Bash execution and subagent creation.
- Sanitization: None. The skill does not describe any methods for cleaning or validating the input data before it is sent to other models.
- [EXTERNAL_DOWNLOADS]: The skill utilizes command-line interfaces for Claude, Codex, and Gemini. These are well-known technology services provided by established organizations.
Audit Metadata