malware-scan-yara
Fail
Audited by Gen Agent Trust Hub on Feb 14, 2026
Risk Level: HIGH | COMMAND_EXECUTION | EXTERNAL_DOWNLOADS | PROMPT_INJECTION
Full Analysis
- [Prompt Injection] (HIGH): The skill is highly vulnerable to Indirect Prompt Injection (Category 8). It ingests untrusted data through scanned files and possesses command execution capabilities. Malicious content or filenames could manipulate the agent's logic during the result parsing phase (Step 3). Evidence: Data entry at `<target-path>`, no boundary markers or sanitization logic found in `SKILL.md`.
- [COMMAND_EXECUTION] (MEDIUM): Shell commands in `SKILL.md` are constructed using placeholders like `<rules-file-or-dir>` and `<target-path>`. If these are populated with unsanitized user input, it allows for arbitrary shell command injection (e.g., using semicolons or backticks in filenames).
- [EXTERNAL_DOWNLOADS] (LOW): The skill references YARA rules from https://github.com/Yara-Rules/rules. Per [TRUST-SCOPE-RULE], this is a trusted GitHub organization, which downgrades the download finding severity to LOW.
Recommendations
- AI detected serious security threats
Audit Metadata