uninstall
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The skill directs the agent to execute shell commands with arguments populated directly from user input. \n
- Evidence (SKILL.md): The workflow utilizes the command
python {SKILL_DIR}/uninstall.py --target <choice> --tools <tool1,tool2,...>where the variables are sourced from user responses. \n - Risk: Maliciously crafted input (e.g.,
; malicious_command) could lead to arbitrary command execution on the host system if the agent does not apply proper shell escaping or sanitization. \n- [INDIRECT_PROMPT_INJECTION] (LOW): The skill defines an attack surface for indirect prompt injection by processing untrusted user input and using it to drive powerful tool capabilities. \n - Ingestion points: User input via the
AskUserQuestiontool and selection numbers. \n - Boundary markers: Absent; the user input is directly interpolated into the command string without delimiters or instructions to ignore embedded commands. \n
- Capability inventory: The skill uses
Bash(python*), which allows for significant system interaction. \n - Sanitization: Absent; there are no instructions for the agent to validate or escape the provided tool names or target choices.
Audit Metadata