bonfire-configure

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION] (HIGH): The skill writes executable hooks to .claude/settings.json. These hooks run shell commands (echo, head, git, grep) automatically during specific agent lifecycle events (PreCompact, PostToolUse). This provides a mechanism for persistent command execution that triggers without explicit user consent for each run.
  • [INDIRECT_PROMPT_INJECTION] (HIGH): The skill processes untrusted project data (package.json name, git remotes) and tool inputs ($TOOL_INPUT) to determine its behavior. Specifically, the PostToolUse hook uses grep on tool inputs to trigger suggestions. If an attacker can influence the output of a command or the input to the Bash tool, they may be able to manipulate the agent's state or trigger unexpected hook behaviors.
  • [PRIVILEGE_ESCALATION] (MEDIUM): By creating and modifying .claude/settings.json, the skill gains the ability to influence how the agent interacts with other tools and handles its own memory (compaction). It can inject instructions or context into the agent's conversation stream via the PreCompact hook output.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 05:10 AM