Gen Agent Trust Hub audit: skills/0xranx/golembot/escalation

Skill: escalation

Verdict: Warn

Audited by Gen Agent Trust Hub on May 11, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION

Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to use shell commands to write escalation records to a local file. This pattern is vulnerable to command injection if user-provided input is not properly escaped before being included in the command.
  • Evidence: The skill uses `echo 'JSON_STRING' >> .golem/escalations.jsonl` in SKILL.md as a template for logging.
  • Risk: An attacker could craft a request that breaks out of the single-quoted string (e.g., by including `' && command #`) to execute arbitrary shell commands on the system.
  • [DATA_EXFILTRATION]: While no direct exfiltration logic is present, the potential command injection vulnerability allows an attacker to execute network commands (like curl or wget) to send sensitive local data to a remote server.
  • [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection because it processes and stores untrusted user input.
  • Ingestion points: User requests and context entering the agent through the escalation logic described in SKILL.md.
  • Boundary markers: Absent; there are no delimiters or instructions to ignore malicious content within the recorded data.
  • Capability inventory: File system writing via the shell (SKILL.md).
  • Sanitization: Absent; the instructions do not require the agent to sanitize or validate the content of the reason or context fields before writing them.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: May 11, 2026, 12:10 PM