timeline
Fail
Audited by Gen Agent Trust Hub on Feb 12, 2026
Risk Level: CRITICALPROMPT_INJECTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
================================================================================
🔴 VERDICT: CRITICAL
This skill presents critical security vulnerabilities due to direct prompt injection and a high risk of command injection, which could lead to arbitrary code execution and data exfiltration. The reliance on an unverified script further exacerbates these risks.
Total Findings: 3
🔴 CRITICAL Findings: • Command Injection
- Line 19: The instruction
Run: ${CLAUDE_PLUGIN_ROOT}/skills/timeline/scripts/timeline.php [arguments]executes a PHP script via Bash, where[arguments]are derived from user input. Theallowed-toolsdefinitionBash(${CLAUDE_PLUGIN_ROOT}/skills/timeline/scripts/timeline.php:*)confirms that arbitrary arguments can be passed to the script. Without proper sanitization of user input before constructing these arguments, an attacker could inject arbitrary shell commands (e.g.,'; rm -rf /') leading to arbitrary code execution and potential system compromise. This also enables data exfiltration.
🔴 HIGH Findings: • Prompt Injection
- Line 8: The instruction
Query WordPress Trac timeline for: $1directly inserts user-controlled input ($1) into the prompt given to the LLM. An attacker could use this to inject new instructions, override the LLM's behavior, or bypass safety guidelines.
🟡 MEDIUM Findings: • Unverifiable Dependency
- Line 5: The skill executes
${CLAUDE_PLUGIN_ROOT}/skills/timeline/scripts/timeline.php. The content of this PHP script is not provided for analysis. Therefore, its security cannot be assessed, and it represents an unverifiable dependency. This significantly increases the risk associated with the command injection vulnerability.
================================================================================
Recommendations
- AI detected serious security threats
Audit Metadata