Skills
skills/roasbeef/claude-files/agentic-code-reasoner/Gen Agent Trust Hub

agentic-code-reasoner

Warn

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to use the run_shell_command tool to execute dynamically generated Python code (e.g., python3 -c ...) for 'Micro-Experiments.' This creates a risk of arbitrary code execution within the shell environment.
  • [EXTERNAL_DOWNLOADS]: The skill uses web_fetch to retrieve documentation or implementation details from external URLs. Without restriction to trusted domains, this can be used to connect to malicious servers.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted source code and documentation from a codebase via read_file and grep_search. Ingestion points: Phase 1 and Phase 2 in SKILL.md (e.g., reading function definitions and imported behaviors). Boundary markers: The protocol lacks delimiters or instructions to ignore embedded commands within the analyzed code. Capability inventory: run_shell_command, web_fetch, read_file, and grep_search. Sanitization: None provided for the ingested code content.
  • [DATA_EXFILTRATION]: The combination of tools for reading local files (read_file, grep_search) and making network requests (web_fetch) provides a potential path for exfiltrating sensitive data found within the codebase.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 9, 2026, 08:44 AM