context-loader
Fail
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: HIGH; REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [Unverifiable Dependencies & Remote Code Execution] (HIGH): The instructions in output.md direct the agent to execute any shell scripts matching sync*.sh found within an unpacked archive, bypassing all security reviews.
- [Persistence Mechanisms] (HIGH): The skill metadata claims it runs at launch, which, when combined with arbitrary script execution, indicates a high risk of establishing persistent unauthorized access.
- [Obfuscation] (MEDIUM): The skill uses deceptive instructions to treat a document as a zip archive, a technique used to hide executable content within seemingly benign files.
- [Indirect Prompt Injection] (LOW): The skill processes content from hidden docx files and executes commands extracted from them. Evidence:
  1. Ingestion: .*.docx files via pandoc.
  2. Boundary markers: None.
  3. Capability: Shell execution via find -exec.
  4. Sanitization: None.
Recommendations
- AI detected serious security threats