skills/yonatangross/orchestkit/dream/Gen Agent Trust Hub

Skill: dream

Audit result: Fail

Audited by Gen Agent Trust Hub on Apr 14, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses unsafe command construction when pruning memory files. In Step 5, file paths are interpolated directly into a bash command: Bash(command=f"rm '{stale['path']}'"). Because the path is only wrapped in single quotes, a filename containing a single quote followed by shell metacharacters (e.g., filename'; malicious_command #) terminates the quoted string and allows arbitrary command execution.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection by aggregating content from multiple untrusted memory files into a central index.
  • Ingestion points: Reads frontmatter and body text from all .md files found in .claude/agent-memory/, .claude/projects/, and .claude/memory/ directories.
  • Boundary markers: None. Extracted descriptions are inserted directly into the new MEMORY.md index without delimiters or instructions to ignore embedded instructions.
  • Capability inventory: Access to Bash (command execution), Write (file modification), Edit, Glob, Grep, and Read tools.
  • Sanitization: No sanitization, escaping, or validation is performed on filenames or extracted descriptions before they are used in shell commands or written to the index file.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Apr 14, 2026, 01:08 AM