system-profile

Warn

Audited by Gen Agent Trust Hub on Mar 25, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes diagnostic utilities based on user-supplied arguments in the $ARGUMENTS variable. If these arguments are not sanitized, this could lead to command injection.
  • [REMOTE_CODE_EXECUTION]: The instructions direct the agent to write and insert profiling code into target files and then run the results. This dynamic generation and execution of code on the host system is a high-risk activity.
  • [DATA_EXFILTRATION]: The use of tools like strace or the profiling of arbitrary process IDs (PIDs) can expose sensitive information handled by other processes on the system, such as credentials in memory or environment variables.
  • [PROMPT_INJECTION]: The skill reads and processes untrusted target code to determine instrumentation strategies. This creates a surface for indirect prompt injection where instructions hidden in code comments could influence the agent's behavior. Evidence for Category 8:
      1. Ingestion point: Target code scripts.
      2. Boundary markers: Absent.
      3. Capability inventory: File modification, shell command execution.
      4. Sanitization: Absent.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 25, 2026, 02:52 PM