command-development
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- COMMAND_EXECUTION (HIGH): The skill documents 'Inline Bash Execution' using the ! prefix (e.g., !git log). This feature allows the execution of arbitrary shell commands. When combined with argument interpolation, this presents a high risk of command injection.
- PROMPT_INJECTION (HIGH): The skill explains how to use positional arguments ($1, $2, $ARGUMENTS) and file references (@$1) to ingest data into the agent's context. This is a direct vector for Indirect Prompt Injection if the content of the files or arguments is controlled by an attacker.
- INDIRECT PROMPT INJECTION (HIGH): (Vulnerability Surface Analysis)
- Ingestion Points: User-provided arguments ($1, $2, $ARGUMENTS) and file paths (@$1) are the primary entry points for untrusted data into the command execution flow.
- Boundary Markers: The documentation does not illustrate or mandate the use of delimiters or 'ignore' instructions to separate untrusted arguments from the command logic.
- Capability Inventory: The skill describes access to the Bash tool and native inline bash execution, providing a powerful execution environment for injected payloads.
- Sanitization: There is no evidence of sanitization or validation strategies provided in the documentation to prevent characters like ';', '|', or '&' in arguments from altering the intended shell command logic.
Recommendations
- AI detected serious security threats
Audit Metadata