generate_command
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through the '#$ARGUMENTS' placeholder, which allows arbitrary user input to be embedded into the core logic of a generated command without sanitization.
  - Ingestion points: The '#$ARGUMENTS' variable in SKILL.md is used to capture user requirements.
  - Boundary markers: Absent; user-provided text is directly interpolated into the command goal.
  - Capability inventory: The generated commands are explicitly designed to leverage powerful capabilities including Bash execution, File Operations (Read/Write/Edit), and WebFetch.
  - Sanitization: Absent; there are no instructions or patterns provided to validate or escape the user input.
- [COMMAND_EXECUTION]: The skill provides a framework for generating tools that execute arbitrary bash commands (e.g., 'bin/rails test', 'git commit'). While intended for development tasks like testing and linting, this provides a mechanism for system-level interaction and potential misuse if the generated instructions are not carefully reviewed.
Audit Metadata