run-experiment

Warn

Audited by Gen Agent Trust Hub on Mar 17, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to perform environment checks, file synchronization via rsync, and process management. These commands are dynamically built using variables sourced from user input and configuration files.
  • [REMOTE_CODE_EXECUTION]: It facilitates the execution of Python scripts on local machines and remote servers via ssh. The skill executes arbitrary scripts and arguments provided in the workflow without verification or sanitization.
  • [DATA_EXFILTRATION]: The skill reads configuration from ~/.claude/feishu.json, which likely contains webhooks or API credentials, to send notifications to an external service. If the notification data or destination is manipulated, it could result in data exposure.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through the CLAUDE.md file.
  • Ingestion points: Workflow Step 1 reads environment and server configuration from CLAUDE.md in the project directory.
  • Boundary markers: No markers or delimiters are used to separate untrusted configuration data from system instructions.
  • Capability inventory: The skill has high-privilege access to Bash(*), Read, Write, and Edit tools.
  • Sanitization: No escaping or validation is performed on the data retrieved from CLAUDE.md before it is interpolated into shell commands.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 17, 2026, 06:06 AM