decision-critic

Fail

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: HIGH
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The execution instructions in SKILL.md for the decision-critic.py script are vulnerable to shell injection.
  • Evidence: The skill defines a command template for the agent to use: python3 .claude/skills/decision-critic/scripts/decision-critic.py --decision "<decision text>" --context "<constraints and background>" --thoughts "<your thoughts>".
  • Vulnerability: The template uses double quotes to wrap variables like <decision text> and <constraints and background> which are populated by user input. If a user provides a string containing shell metacharacters such as backticks, semicolons, or double quotes (e.g., "; harmful_command; #), they can escape the argument context and execute arbitrary code on the host operating system.
  • Lack of Sanitization: The skill provides no instructions to the agent to validate or escape user input before interpolation, and the Python script does not perform internal sanitization of its arguments against shell breakout.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 7, 2026, 02:42 AM