auri-core
Warn
Audited by Gen Agent Trust Hub on Apr 19, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill metadata includes a
risk: nonefield, which is an authoritative claim about its own safety designed to bypass or influence security evaluations by overriding automated risk assessments.\n- [COMMAND_EXECUTION]: The comparison table inSKILL.mdcontains the system binary path/usr/bin/bashwithin a data cell intended for pricing information (R\\/usr/bin/bash-99/mes). This inclusion of high-risk system paths in non-code contexts is highly suspicious and could serve as an injection vector in automated data processing pipelines.\n- [COMMAND_EXECUTION]: The pricing table includes a potentially malicious null-byte escape sequence (\\0) within a data field (R\\0/mes), which is a technique commonly used to test for string-handling vulnerabilities or to bypass security filters.\n- [DATA_EXFILTRATION]: The documentation references the author's local Windows directory structure (e.g.,C:/Users/renat/skills/auri-core/), exposing internal development environment information that could be leveraged for further targeting.
Audit Metadata