testing-expected-results
Warn
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The script `scripts/verify.sh` executes arbitrary shell commands provided through the `--command` argument using `bash -c`. While this is the intended functionality for verifying command outcomes, it allows for the execution of any system command.
- [DATA_EXFILTRATION]: The skill captures sensitive system metadata, including the full process list (`ps aux`) and network connection states (`netstat` or `ss`). This information is stored in a temporary state directory and included in reports, potentially exposing internal system configurations in logs.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes output from executed commands and file contents without sanitization.
  - Ingestion points: `scripts/verify.sh` reads command output from `command_output.txt` and file content via `grep`.
  - Boundary markers: None are implemented to isolate external content from agent instructions.
  - Capability inventory: The skill can execute arbitrary shell commands, access the filesystem, and monitor system processes.
  - Sanitization: No validation or escaping is applied to the ingested data.
Audit Metadata