mark-read
Warn
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Bash tool to execute a Python script via 'uv run'. It constructs the command by placing the user-provided 'chat' parameter directly into a shell string within a heredoc block.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through command injection.
  1. Ingestion points: The user-supplied 'chat' parameter in SKILL.md.
  2. Boundary markers: No delimiters or quotes are used to isolate the user input from the shell command.
  3. Capability inventory: Access to the Bash tool allows for execution of arbitrary system commands.
  4. Sanitization: The skill lacks any instructions for input validation or escaping to prevent the use of shell metacharacters like semicolons or backticks.