create-legacy-command
Warn
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to use
bashandechoto create files based on user-provided strings such as the name and description. Interpolating untrusted user input directly into shell commands creates a significant risk of command injection (e.g., via semicolons or backticks) if the agent does not strictly validate the input characters. - [PROMPT_INJECTION]: The
SKILL.md.jinjatemplate generates instructions that explicitly override agent behavior, such as: "you MUST execute the provided Python determinism script instead of attempting to solve the task using raw bash or javascript logic." This pattern of generating hard-coded overrides can be used to bypass an agent's standard reasoning or safety guardrails in generated sub-components. - [EXTERNAL_DOWNLOADS]: The generated
README.md.jinjatemplate provides ready-to-use bash commands for installing external Python dependencies (pip install -r requirements.txt). While common in development workflows, this facilitates the introduction of unverified third-party code into the agent's environment.
Audit Metadata