Skills
skills/xenodium/emacs-skills/highlight/Gen Agent Trust Hub

highlight

Warn

Audited by Gen Agent Trust Hub on Feb 26, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTIONREMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill invokes emacsclient --eval via the Bash tool to execute code within a running Emacs process.
  • [REMOTE_CODE_EXECUTION]: The agent dynamically constructs a Lisp command string containing file paths and line numbers. Because this string is evaluated by the Emacs server, crafted input can be used to execute arbitrary Lisp code.
  • [PROMPT_INJECTION]: The skill uses data from untrusted interaction contexts to build its executable commands.
  • Ingestion points: File paths and regions are determined from the interaction context as specified in SKILL.md.
  • Boundary markers: No delimiters or escaping mechanisms are used to wrap the interpolated variables.
  • Capability inventory: The Bash tool is used to call emacsclient, which has the capability to run arbitrary shell commands through Emacs Lisp.
  • Sanitization: The skill does not perform any validation or escaping of the file paths, allowing an attacker to break out of the Lisp data structure by providing names containing parentheses or quotes.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 26, 2026, 05:50 AM