coolhunter
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (LOW): The skill uses shell commands (`mkdir`, `cat`) to manage an output directory and save generated reports. While restricted to a specific subfolder (coolhunter-output/), this pattern presents a surface for potential misuse if combined with unsanitized external data.
- PROMPT_INJECTION (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8) due to its core workflow:
  - Ingestion points: Untrusted data enters the agent via `web_search` in `references/workflow-execution.md` (Step 2).
  - Boundary markers: Absent; search results are not delimited or wrapped in instructions to ignore embedded commands.
  - Capability inventory: Shell execution (`mkdir`, `cat`) used in the final step of the workflow.
  - Sanitization: The skill defines 'Slug Generation Rules' to clean headlines into filenames, which provides a layer of defense against path traversal, but does not sanitize the primary content of the report which is written to disk via `cat`.
Audit Metadata