skills/wu-yc/labclaw/treatment-plans/Gen Agent Trust Hub

treatment-plans

Fail

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: HIGH
Tags: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to run system-level operations under sudo, such as updating the TeX Live manager and installing LaTeX packages (e.g., sudo tlmgr update --self and sudo tlmgr install nejm). Running a package manager as root means any mistaken or injected command executes with full system privileges, and tlmgr install fetches and unpacks remote packages with those privileges.
  • [COMMAND_EXECUTION]: The skill has the agent run local Python scripts through the Bash tool (e.g., python scripts/generate_schematic.py, python check_completeness.py). These scripts take user-supplied input as command-line arguments and read from and write to the file system.
  • [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface: untrusted user data is interpolated into shell commands. Evidence:
    • Ingestion point: user-provided diagram descriptions are passed directly to scripts/generate_schematic.py as command-line arguments.
    • Boundary markers: none; nothing delimits the user text from the surrounding shell command, so shell metacharacters in a description can end the intended command and start another.
    • Capability inventory: the skill uses the Bash, Write, Read, and Edit tools, so a successful injection reaches both command execution and file modification.
    • Sanitization: no input validation or sanitization is shown for the data placed in command-line arguments.
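The missing boundary marker is the concrete problem in the third finding. The following added example (not code from the treatment-plans skill or from Gen Agent Trust Hub) shows the two ways a diagram description can reach scripts/generate_schematic.py: pasted into a shell string, where a crafted description becomes a second command, and passed as a single argv element after a `--` separator, where the same text stays inert. The sample descriptions, the `safe_argv` validation rules, and the helper names are constructed for illustration; only the script path comes from the audit.

```python
import shlex

# Constructed sample inputs (not taken from the skill): one ordinary diagram
# description and one crafted to break out of a shell-interpolated command.
BENIGN = "Patient flow: triage, imaging, then oncology consult"
HOSTILE = 'flow"; rm -rf ~/notes; echo "'

SCRIPT = "scripts/generate_schematic.py"  # path named in the audit


def naive_command(description: str) -> str:
    """The pattern the audit flags: user text pasted into a shell string."""
    return f'python {SCRIPT} "{description}"'


def safe_argv(description: str, max_len: int = 2000) -> list:
    """Validate the description and return an argv list.

    The description travels as one argv element after '--', so no shell
    re-parses it and the script cannot mistake it for an option.
    Validation rules here are assumptions for the example.
    """
    if not description.strip():
        raise ValueError("empty diagram description")
    if len(description) > max_len:
        raise ValueError("diagram description too long")
    # Tabs and newlines are legitimate in prose; other control characters are not.
    if any(ord(c) < 32 and c not in "\n\t" for c in description):
        raise ValueError("control characters in diagram description")
    return ["python", SCRIPT, "--", description]


def safe_command_line(description: str) -> str:
    """Render the argv list as a correctly quoted shell string (for logging)."""
    return shlex.join(safe_argv(description))


def shell_tokens(command_line: str) -> list:
    """Tokenise a command line the way a POSIX shell would.

    punctuation_chars=True makes ';', '|', '&', '<', '>' and parentheses
    separate tokens, so a ';' in the output means a second command.
    """
    lexer = shlex.shlex(command_line, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    return list(lexer)


def breaks_out(command_line: str) -> bool:
    """True if the tokenised command line contains a command separator."""
    separators = {";", "&", "&&", "|", "||"}
    return any(tok in separators for tok in shell_tokens(command_line))


if __name__ == "__main__":
    # The naive form splits the hostile description into 'rm -rf ~/notes';
    # the argv form keeps it as one opaque argument.
    print("naive :", shell_tokens(naive_command(HOSTILE)))
    print("argv  :", safe_argv(HOSTILE))
    print("quoted:", safe_command_line(HOSTILE))
    # In the agent, subprocess.run(safe_argv(description)) is the call to make;
    # the shell-string form is shown only to locate where the boundary is lost.
```

The point of `shell_tokens` is that an auditor can test a skill's command template without executing it: if the tokenised command line contains a separator that was not in the template, the user input has crossed the argument boundary. Passing an argv list to `subprocess.run` (never `shell=True`) removes the shell parser from the path entirely, and the `--` keeps a description beginning with `-` from being read as an option by the script.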
Recommendations
  • The audit detected serious security threats (see Full Analysis): package installation under sudo and unsanitized user text interpolated into shell commands. The skill fails review as published.
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 15, 2026, 04:33 AM