cloud-infra-detector
Warn
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill defines a PostToolUse hook that executes a shell script using a relative path traversal: ../../../hooks/skills/post_output_validation_hook.sh. This command attempts to run a script located multiple levels above the skill's own directory, which could allow for the execution of unauthorized code outside of the skill's sandbox environment.
- [PROMPT_INJECTION]: The skill is designed to ingest and process raw data from external sources, including DNS records, HTTP headers, and IP signals, which provides a surface for indirect prompt injection attacks.
  - Ingestion points: Untrusted data enters the skill via the ip_signals, dns_signals, http_signals, tls_signals, and repository_signals inputs described in SKILL.md.
  - Boundary markers: There are no boundary markers or instructions provided to the agent to ignore embedded commands within the ingested data signals.
  - Capability inventory: The skill possesses the capability to read files, perform pattern matching with Grep, and execute shell scripts via the command hook.
  - Sanitization: The provided detection logic shows no evidence of sanitizing or validating input signals before they are used to determine infrastructure attribution or included in the final output JSON.
Audit Metadata