expand-shell
Pass
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: SAFE
[COMMAND_EXECUTION] [PROMPT_INJECTION]
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes grep to verify the presence of code artifacts and describes creating verification steps that involve executing shell commands.
- [PROMPT_INJECTION]: The skill processes content from markdown files in the .turbo/shells/ directory, creating a surface for indirect prompt injection.
  1. Ingestion point: Reading shell files from .turbo/shells/*.md.
  2. Boundary markers: Absent.
  3. Capability inventory: File write to .turbo/plans/, file deletion in .turbo/shells/, and invocation of the survey-patterns skill.
  4. Sanitization: Content from shell files is not sanitized before interpolation into the agent context.
Audit Metadata