strudel
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: CRITICAL
COMMAND_EXECUTION, PROMPT_INJECTION, REMOTE_CODE_EXECUTION
Full Analysis
- COMMAND_EXECUTION (CRITICAL): The skill instructs the agent to run 'python3 scripts/strudel_url.py' and 'grep' by interpolating user input directly into shell command strings. By using shell metacharacters such as single quotes or backticks (e.g., providing an intent like "'); [cmd]; #"), an attacker can break out of the intended command and execute arbitrary system-level code.
- PROMPT_INJECTION (HIGH): This skill is vulnerable to Indirect Prompt Injection (Category 8).
- Ingestion points: User's musical intent and refinement requests defined in SKILL.md.\n
- Boundary markers: Absent; user strings are interpolated without delimiters or escaping instructions.\n
- Capability inventory: Shell execution (python3, grep) and unrestricted local file system read access.\n
- Sanitization: Absent; the instructions do not require the agent to validate or escape input before shell processing.
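The following is an added illustration of the COMMAND_EXECUTION finding, not code from the strudel skill or from the audit. It reproduces the flawed pattern (user text pasted into a shell command string and run through /bin/sh) beside the hardened form (an argv list with no shell, a minimal validation step, `--` to end option parsing, and a directory check for file access). Assumptions: `echo` stands in for `scripts/strudel_url.py` so the example runs anywhere; the real script is assumed to use a standard argument parser that honours `--`; the payload and paths are constructed for the demonstration.

```python
"""Added example: shell-string interpolation versus argv execution.

'echo' stands in for 'python3 scripts/strudel_url.py' (assumption); the
skill's own scripts are not used. Requires a POSIX /bin/sh.
"""
import os
import subprocess
from typing import List, Tuple

# Constructed attacker input of the shape the audit describes: the quote
# closes the argument the agent wrote, ';' starts a second command and '#'
# discards the rest of the line. 'echo INJECTED' stands in for any command.
INJECTION_INTENT = "'; echo INJECTED; #"

STAND_IN = "echo"  # harmless stand-in for the real script (assumption)
PROGRAM: Tuple[str, ...] = ("python3", "scripts/strudel_url.py")


def unsafe_command(intent: str) -> str:
    """The flawed pattern: user text pasted into a shell command string.

    The single quotes look like protection, but the attacker's own quote
    ends them, so everything after it is parsed by the shell as code.
    """
    return f"{STAND_IN} '{intent}'"


def run_unsafe(intent: str) -> List[str]:
    """Run the interpolated string through /bin/sh; return its output lines."""
    proc = subprocess.run(unsafe_command(intent), shell=True,
                          capture_output=True, text=True, check=False)
    return proc.stdout.splitlines()


def validate_intent(intent: str) -> str:
    """Minimal input check: non-empty, bounded, no NUL (argv cannot carry NUL).

    Quoting is deliberately not attempted here; with no shell involved there
    is nothing for metacharacters to break out of.
    """
    if not intent.strip():
        raise ValueError("empty intent")
    if len(intent) > 512:
        raise ValueError("intent too long")
    if "\x00" in intent:
        raise ValueError("NUL byte in intent")
    return intent


def safe_argv(intent: str, program: Tuple[str, ...] = PROGRAM) -> List[str]:
    """Hardened form: an argv list, no shell, user text as one literal argument.

    '--' ends option parsing (assumes the script's parser honours it), so an
    intent beginning with '-' cannot be turned into a flag either.
    """
    return [*program, "--", validate_intent(intent)]


def run_safe(intent: str) -> List[str]:
    """Execute the stand-in with the argv form; the payload arrives verbatim."""
    proc = subprocess.run([STAND_IN, validate_intent(intent)],
                          capture_output=True, text=True, check=False)
    return proc.stdout.splitlines()


def safe_grep_argv(pattern: str, path: str) -> List[str]:
    """grep with a user-supplied pattern: fixed strings, options ended by '--'."""
    return ["grep", "-F", "--", validate_intent(pattern), path]


def confine_path(path: str, root: str) -> str:
    """Resolve a user-supplied path and refuse anything outside 'root'.

    Addresses the unrestricted file-system read noted in the capability
    inventory: symlinks and '..' are resolved before the prefix check.
    """
    real_root = os.path.realpath(root)
    real = os.path.realpath(os.path.join(real_root, path))
    if os.path.commonpath([real_root, real]) != real_root:
        raise ValueError(f"path escapes {real_root}: {path!r}")
    return real


if __name__ == "__main__":
    print("shell string :", unsafe_command(INJECTION_INTENT))
    print("shell output :", run_unsafe(INJECTION_INTENT))   # INJECTED appears
    print("argv form    :", safe_argv(INJECTION_INTENT))
    print("argv output  :", run_safe(INJECTION_INTENT))     # payload echoed literally
```

Run it and the shell form prints `INJECTED` on its own line, showing the second command executed, while the argv form prints the payload back as plain text. The same `--` and fixed-string treatment applies to the grep call, where a pattern starting with `-` would otherwise be read as an option.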
Recommendations
- AI detected serious security threats
Audit Metadata