scripting

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The skill provides a high-privilege surface by enabling the agent to write and execute scripts.
    1. Ingestion points: user-defined script requirements and CLI arguments in script_analyzer.py.
    2. Boundary markers: none; there are no clear delimiters separating user data from the script templates.
    3. Capability inventory: subprocess.run for command execution, requests for network APIs, and the kubernetes package for infrastructure access.
    4. Sanitization: absent; the templates do not validate or escape user-supplied data before it reaches those capabilities.
  • [Command Execution] (MEDIUM): Guides and templates promote the use of Python's subprocess and Bash's exec functions, which can be leveraged for unauthorized system actions if the agent is compromised.
  • [Data Exposure] (LOW): Templates demonstrate patterns for Bearer token and Kubernetes config usage, which are standard for the domain but represent an exposure risk for credentials if not handled securely by the agent.
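The first two findings above describe one concrete failure mode: a user-supplied string is pasted into a generated script and reaches subprocess without delimiters or validation. The following is an added example, not code from the audited skill, showing that pattern beside a hardened form and a boundary-marker helper. The sample requirement string, the function names, the allowlist regex and the marker syntax are assumptions made for illustration; the unsafe path assumes a POSIX /bin/sh.

```python
"""Unsafe vs. hardened use of a user-supplied value in an agent-generated script.

Added example (not from the audited skill). Function names, the allowlist and
the sample requirement string are assumptions made for illustration.
"""
import re
import secrets
import subprocess
import sys

# Constructed "user-defined requirement": the agent is asked to list a directory
# and pastes this string into the generated script. The text after ';' is the injection.
USER_TARGET = "logs; echo INJECTED"


def run_unsafe(target: str) -> str:
    """The pattern the audit flags: string interpolation into a shell command line.

    With shell=True the shell parses the whole line, so ';' starts a second
    command the script author never wrote. Assumes a POSIX /bin/sh.
    """
    completed = subprocess.run(f"echo listing {target}", shell=True,
                               capture_output=True, text=True)
    return completed.stdout


# Allowlist for a path-like argument: no shell metacharacters, no leading '-'
# (option injection), no '..' (traversal). Tighten it to what the script needs.
SAFE_ARG = re.compile(r"[A-Za-z0-9_./-]+")


def is_accepted(value: str) -> bool:
    return bool(SAFE_ARG.fullmatch(value)) and not value.startswith("-") and ".." not in value


def run_hardened(target: str) -> str:
    """Validated value passed as one argv element; no shell is involved.

    The child is a small Python one-liner (instead of ls) so the result is the
    same on every platform and shows the argument arrived as a single string.
    """
    if not is_accepted(target):
        raise ValueError(f"rejected argument: {target!r}")
    argv = [sys.executable, "-c", "import sys; print('listing', sys.argv[1])", target]
    return subprocess.run(argv, capture_output=True, text=True, check=True).stdout


def wrap_untrusted(label: str, text: str) -> str:
    """Boundary markers for untrusted text placed into a prompt or template.

    A per-call random nonce means the untrusted text cannot forge the closing
    marker. The marker syntax is an assumption; any unambiguous scheme works.
    """
    nonce = secrets.token_hex(8)
    return f"<<UNTRUSTED {label} {nonce}>>\n{text}\n<<END_UNTRUSTED {nonce}>>"


if __name__ == "__main__":
    print(run_unsafe(USER_TARGET), end="")        # second output line reads INJECTED
    print(run_hardened("logs"), end="")           # listing logs
    print("accepted:", is_accepted(USER_TARGET))  # False
    print(wrap_untrusted("cli_arg", USER_TARGET))
```

The hardened path rejects the injected value outright rather than trying to escape it; escaping (for example with shlex.quote) only helps when a shell is unavoidable, and the audit's point is that the templates neither validate nor escape. The marker helper addresses finding 2: once user data is fenced with a nonce the model and any downstream template can distinguish it from instructions.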
Recommendations
  • AI detected serious security threats (see Full Analysis above).
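The Data Exposure finding is about credential patterns (Bearer tokens, kubeconfig contents) ending up inside generated scripts and logs. The following is an added example, not code from the audited skill, showing the check a practitioner would run on agent output before writing it to disk, plus the environment-sourced and log-redacted alternative. The regexes, the two sample scripts and the API_TOKEN variable name are constructed assumptions.

```python
"""Credential handling for agent-generated scripts: scan generated text for
embedded secrets, source tokens from the environment, and redact them in logs.

Added example (not from the audited skill). The patterns, sample scripts and
the API_TOKEN variable name are assumptions made for illustration.
"""
import logging
import os
import re

# Credential material that must never be embedded in a generated script.
SECRET_PATTERNS = {
    "bearer_token": re.compile(r"Bearer\s+([A-Za-z0-9._~+/=-]{16,})"),
    "kubeconfig_inline_data": re.compile(
        r"\b(client-key-data|client-certificate-data|token):\s*\S+"),
    "hardcoded_token_var": re.compile(
        r"""(?i)\b(api[_-]?token|bearer[_-]?token)\s*=\s*['"][^'"]{8,}['"]"""),
}


def find_embedded_secrets(script_text: str) -> list:
    """Return (line number, pattern name) for every line carrying a secret."""
    findings = []
    for lineno, line in enumerate(script_text.splitlines(), 1):
        for name, pattern in SECRET_PATTERNS.items():
            if pattern.search(line):
                findings.append((lineno, name))
    return findings


def auth_headers(env=None) -> dict:
    """Build the Authorization header from the runtime environment, never a literal."""
    env = os.environ if env is None else env
    token = env.get("API_TOKEN")
    if not token:
        raise RuntimeError("API_TOKEN is not set; refusing to run without a credential")
    return {"Authorization": f"Bearer {token}"}


def redact(text: str) -> str:
    """Replace bearer tokens so request/response dumps can be logged safely."""
    return SECRET_PATTERNS["bearer_token"].sub("Bearer [REDACTED]", text)


class RedactBearer(logging.Filter):
    """Logging filter that scrubs bearer tokens before any handler sees the record."""

    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = redact(record.getMessage())
        record.args = ()
        return True


# Constructed sample of the exposure pattern the audit describes: a generated
# script with a literal API token, a literal Bearer header and inline kubeconfig data.
UNSAFE_SCRIPT = '''import requests
API_TOKEN = "sk-live-0123456789abcdef0123456789"
headers = {"Authorization": "Bearer sk-live-0123456789abcdef0123456789"}
KUBECONFIG = """users:
- name: agent
  user:
    client-key-data: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0t
"""
print(requests.get("https://api.example.internal/v1/pods", headers=headers).json())
'''

# Same script with the credential supplied by the runtime instead of embedded.
SAFE_SCRIPT = '''import os, requests
headers = {"Authorization": "Bearer " + os.environ["API_TOKEN"]}
print(requests.get("https://api.example.internal/v1/pods", headers=headers).json())
'''


if __name__ == "__main__":
    print("unsafe:", find_embedded_secrets(UNSAFE_SCRIPT))
    print("safe:  ", find_embedded_secrets(SAFE_SCRIPT))
    logging.basicConfig(level=logging.INFO, format="%(message)s")
    log = logging.getLogger("agent")
    log.addFilter(RedactBearer())
    log.info("sending %s", auth_headers({"API_TOKEN": "sk-live-0123456789abcdef0123456789"}))
```

The scanner is deliberately line-based so a finding points at the exact line the agent should regenerate; it is a gate on generated text, not a substitute for keeping the kubeconfig on disk with restrictive permissions and letting the kubernetes client load it by path.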
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 04:34 AM