gm-emit
Warn
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill defines a protocol for arbitrary code execution using the exec:<lang> pattern, allowing the agent to run commands in Node.js, Bash, Python, Rust, Go, and other environments. This enables the agent to execute dynamically generated logic throughout the EMIT and VERIFY phases.
- [DATA_EXFILTRATION]: The skill facilitates filesystem access by instructing the agent to write files using the Node.js fs module and perform dynamic imports from absolute paths (import('/abs/path/to/module.js')). This behavior allows for the reading, modification, and potential exposure of arbitrary local data.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted data from local disk files and processes external inputs during its debugging and verification steps. A malicious file on disk could influence agent behavior when imported or read.
  - Ingestion points: Local filesystem reads via import() and fs (SKILL.md).
  - Boundary markers: None identified; logic is executed directly from disk files.
  - Capability inventory: Broad arbitrary code execution capabilities across multiple languages and filesystem write permissions (SKILL.md).
  - Sanitization: No evidence of sanitization, validation, or escaping of file content or external inputs before processing.
Audit Metadata