emacsclient
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to use the Bash tool to execute `emacsclient` commands. This includes a rule to use the `--eval` flag for executing arbitrary Emacs Lisp (Elisp) code, which grants the agent significant control over the Emacs environment and the host file system. (File: SKILL.md)
- [PROMPT_INJECTION]: The skill exposes an attack surface for indirect prompt injection by interpolating external data into shell commands and Elisp evaluation blocks. (File: SKILL.md)
  - Ingestion points: Filenames, line numbers, and Elisp snippets supplied by the user or found in processed documents.
  - Boundary markers: Absent. The skill does not use delimiters or provide warnings to the agent to disregard instructions embedded in the data.
  - Capability inventory: Arbitrary Elisp execution and file system interaction via the Bash tool.
  - Sanitization: Absent. There are no instructions to escape shell arguments or validate the Lisp code before evaluation.
Audit Metadata