skills/sirreal/agent-skills/changeset/Gen Agent Trust Hub

changeset

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Categories: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION] (HIGH): The skill passes the user-provided <changeset-number> ($1) directly into a Bash command: ${CLAUDE_PLUGIN_ROOT}/skills/changeset/scripts/changeset.php $1. If the agent does not sanitize this input, an attacker can append shell metacharacters (e.g., ;, &&, |) to execute arbitrary commands on the host system.
  • [REMOTE_CODE_EXECUTION] (HIGH): The command injection vulnerability allows for remote code execution if an attacker can influence the input provided to the skill.
  • [Indirect Prompt Injection] (MEDIUM): The skill fetches data from an external source (WordPress Trac).
    • Ingestion points: Fetches changeset data from https://core.trac.wordpress.org/changeset/ via changeset.php.
    • Boundary markers: None. The content is fetched and displayed directly to the agent.
    • Capability inventory: Uses the Bash tool to execute local scripts and potentially perform network requests.
    • Sanitization: No evidence of output sanitization or filtering of the fetched content to prevent embedded instructions from influencing the agent.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 09:43 AM