core-researcher

Fail

Audited by Gen Agent Trust Hub on Feb 20, 2026

Risk Level: HIGH
Categories: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • COMMAND_EXECUTION (HIGH): Potential shell injection in the pre hook. The script executes memory_store "research_context_$(date +%s)" "$TASK". Since $TASK is derived from the user's input, an attacker can use shell metacharacters (e.g., backticks, $(), or ;) to execute arbitrary commands on the host system.
  • DATA_EXFILTRATION (LOW): The skill combines local file access tools (Read, Glob, Grep) with outbound network capabilities (WebFetch, WebSearch). While intended for research, this capability tier allows for the reading of sensitive local data and subsequent transmission to external domains.
  • PROMPT_INJECTION (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8). It is designed to ingest and process untrusted data from external sources and local files without sanitization.
      • Ingestion points: Data enters through the WebFetch, WebSearch, and Read tools.
      • Boundary markers: Absent; there are no instructions to the agent to ignore or delimit embedded commands within the fetched content.
      • Capability inventory: High-impact tools including Bash, Read, and WebFetch are available to the agent.
      • Sanitization: Absent; the skill lacks logic to filter or escape content before it is processed by the LLM or interpolated into the command hooks.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 20, 2026, 03:58 PM