constant-time-analysis

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • COMMAND_EXECUTION (HIGH): The skill instructs the agent to run an unprovided and unreviewed script using uv run {baseDir}/ct_analyzer/analyzer.py. This allows arbitrary code execution from within the skill's package directory.
  • COMMAND_EXECUTION (HIGH): The documentation in references/php.md provides commands for the agent to use sudo for system-level installations and file operations (e.g., sudo make install, sudo cp).
  • EXTERNAL_DOWNLOADS (HIGH): The skill instructs the agent to download and install third-party code from non-whitelisted domains such as pecl.php.net via curl and pecl, and github.com/derickr/vld.git via git clone (the organization derickr is not on the trusted list).
  • COMMAND_EXECUTION (HIGH): The SKILL.md file contains instructions for the agent to modify the user's shell profile (~/.zshrc) to add to the PATH, which is a persistence-related modification.
  • PROMPT_INJECTION (LOW): The skill ingests and processes untrusted user-provided source code. This creates a surface for indirect prompt injection where malicious code comments or metadata could attempt to influence the agent's analysis or subsequent actions.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 17, 2026, 04:40 PM