claude-commands

Fail

Audited by Gen Agent Trust Hub on Feb 21, 2026

Risk Level: CRITICAL (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
  • Indirect Prompt Injection (LOW): The skill provides templates that interpolate user-supplied arguments (e.g., {{arg}}, {{environment}}) directly into prompts and shell commands without mandatory sanitization or boundary markers.
    - Ingestion points: SKILL.md (templates for /greet, /deploy, /review-pr).
    - Boundary markers: Absent; user input is placed directly into the command string.
    - Capability inventory: File reading ({{file:}}) and shell execution ({{shell:}}) demonstrated across multiple examples in SKILL.md.
    - Sanitization: Examples use simple 'if' conditions for validation, which is insufficient to prevent sophisticated injection attacks.
  • Unverifiable Dependencies & Remote Code Execution (LOW): The guide explains how to use the {{shell:...}} directive to execute arbitrary system commands. While this is a primary feature of the documented tool, the skill provides a direct surface for local code execution through user-crafted commands.
  • Data Exposure & Exfiltration (SAFE): While file access patterns are described (e.g., {{file:PROJECT_STRUCTURE.md}}), the documentation includes clear warnings against hardcoding sensitive credentials and focuses on standard development workflows.
Recommendations
  • Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata
Risk Level: CRITICAL
Analyzed: Feb 21, 2026, 04:24 PM