select
Warn
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill constructs and executes Lisp code via
emacsclient --eval. Since the agent generates this Lisp string based on data from the interaction context, an attacker could potentially inject malicious Lisp code to execute arbitrary commands within the user's Emacs session. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its processing of untrusted context. Ingestion points: File names and selection line numbers are extracted from the conversation history. Boundary markers: None; the skill does not use delimiters or provide instructions to the agent to distinguish between user intent and potential instructions embedded in the data. Capability inventory: The skill uses the Bash tool to run
emacsclient, which provides access to the local filesystem and the Emacs Lisp runtime. Sanitization: There is no path validation or input sanitization performed before the agent-derived data is interpolated into the evaluation command.
Audit Metadata