quality-gate
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill possesses a high-risk attack surface by executing untrusted content from the project repository.
  - Ingestion points: Repository scripts referenced via `bun run` and the hook script located at `.claude/hooks/check-system-resources.sh`.
  - Boundary markers: None identified. The skill implicitly trusts the repository structure and script definitions.
  - Capability inventory: Can execute arbitrary shell commands via the `Bash` tool, including `sh -c` and `bun` subcommands.
  - Sanitization: No verification of the integrity or content of project scripts before execution.
- [Command Execution] (MEDIUM): Uses shell tools to interact with system state, specifically `sysctl` and `ps`, and manages process locks via `flock` in `/tmp`. While intended for stability, these provide system visibility and interaction.
- [Remote Code Execution] (MEDIUM): The reliance on a local hook script (.claude/hooks/check-system-resources.sh) allows for arbitrary code execution if an attacker can commit files to the repository or influence the build environment.
Recommendations
- AI detected serious security threats
Audit Metadata