ignore
Fail
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local Bash script at $PLUGIN_DIR/scripts/manage-ignore.sh using the Bash tool and passes user-provided $ARGUMENTS directly to it without quoting. This pattern is vulnerable to shell injection attacks where metacharacters like semicolons or pipes can be used to execute unintended system commands.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it processes untrusted data from arguments to perform sensitive operations. (Ingestion points: $ARGUMENTS in SKILL.md; Boundary markers: Absent; Capability inventory: Bash, Read, TodoWrite, TodoRead; Sanitization: Absent).
- [COMMAND_EXECUTION]: While the script is a vendor-provided resource from terrylica, the method of invocation allows user input to escape the intended execution context and interact directly with the shell environment.
Recommendations
- AI detected serious security threats
Audit Metadata