Skills
skills/xenodium/emacs-skills/open/Gen Agent Trust Hub

open

Pass

Audited by Gen Agent Trust Hub on Feb 26, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes the emacsclient --eval command to evaluate Emacs Lisp (Elisp) code at runtime. This allows the agent to interact directly with a running Emacs server.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface because it takes file paths and line numbers from recent interactions and embeds them into the Elisp code string. If these inputs contain malicious characters (e.g., unbalanced parentheses), they could result in the execution of unintended Lisp commands.
  • Ingestion points: File paths and line metadata are extracted from the agent's recent context (SKILL.md).
  • Boundary markers: No delimiters or safety instructions are used to separate user-influenced data from the Elisp template.
  • Capability inventory: The skill possesses the capability to execute any Elisp command within the user's Emacs session via the Bash tool.
  • Sanitization: No sanitization or escaping logic is implemented to ensure the integrity of the generated Elisp payload.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 26, 2026, 05:50 AM