BeCreative
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill mandates the execution of a
curlcommand tohttp://localhost:8888/notifyimmediately upon invocation. Requiring an agent to run shell commands is a dangerous practice that can be leveraged for local network probing or exploitation of local services. - [PROMPT_INJECTION] (HIGH): The skill instructions create a high-severity Indirect Prompt Injection surface by directing the agent to load and follow unverified instructions from the local directory
~/.claude/skills/PAI/USER/SKILLCUSTOMIZATIONS/BeCreative/. 1. Ingestion points: Files likePREFERENCES.mdwithin the customization directory. 2. Boundary markers: Absent; the agent is explicitly told these files 'override default behavior'. 3. Capability inventory: The agent has the capability to execute shell commands and perform complex tasks, which could be subverted by malicious content in these files. 4. Sanitization: Absent; the skill does not validate the source or integrity of the customization files.
Recommendations
- AI detected serious security threats
Audit Metadata