last30days
Fail
Audited by Gen Agent Trust Hub on Feb 12, 2026
Risk Level: HIGH (COMMAND_EXECUTION, DATA_EXFILTRATION)
Full Analysis
================================================================================
🔴 VERDICT: HIGH
This skill presents a HIGH risk due to the explicit allowance of powerful system tools (Bash, Read, Write) and the execution of a Python script (last30days.py) with user-controlled arguments ($ARGUMENTS). This combination creates a significant attack surface for command injection and data exfiltration.
Total Findings: 2
🔴 HIGH Findings:
• COMMAND_EXECUTION
- Line 10, 29: The skill explicitly allows the Bash tool, which can execute arbitrary commands. Furthermore, it executes a Python script via Bash: python3 "{baseDir}/scripts/last30days.py" "$ARGUMENTS". The $ARGUMENTS are user-controlled, and if not properly sanitized by the Python script, could lead to command injection, allowing an attacker to execute arbitrary commands on the system.
• DATA_EXFILTRATION
- Line 9, 10: The skill allows Read and Write tools, which grant access to the file system. Combined with the Bash tool and the implied network capabilities (via WebSearch and the skill's purpose to gather external data), there is a high potential for sensitive data to be read from the system and exfiltrated to external servers. For example, a malicious instruction could read ~/.aws/credentials and send it via a network request.
================================================================================
Recommendations
- AI detected serious security threats
Audit Metadata