budget-optimizer
Fail
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: HIGH (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The bash script `scripts/budget-optimizer.sh` uses unquoted shell variables (`$ACCOUNT_ARG`, `$PRESET`, and `$MODE`) when invoking the `social` command. This lack of sanitization allows an attacker to inject shell metacharacters (e.g., `;`, `&`, `|`) through these variables to execute unauthorized commands on the host system.
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of `@vishalgojha/social-cli`, a package from an untrusted third-party developer. This poses a supply chain risk as the dependency is not from a trusted organization or well-known service.
- [DATA_EXFILTRATION]: The script writes sensitive marketing insights, including spend and performance data, to world-readable files in the `/tmp/` directory. This exposes confidential business information to any other user or process on the same machine.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through external marketing data.
  - Ingestion points: Ad campaign names and performance metrics fetched from the `social` tool in `scripts/budget-optimizer.sh`.
  - Boundary markers: Absent; data is passed directly to the agent without delimiters.
  - Capability inventory: The skill can generate budget recommendations and write to the filesystem in `scripts/budget-optimizer.sh`.
  - Sanitization: None; the campaign data is processed raw via `jq` and provided as output to the agent.
Recommendations
- AI detected serious security threats