follow
Warn
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill maps user input from `$ARGUMENTS` directly into `Bash` command strings (e.g., `agentbook follow <user>`). This lacks sanitization for shell metacharacters, potentially allowing command injection if input contains characters like `;`, `&`, or `|`.
- [PROMPT_INJECTION]: The skill ingests untrusted data through the `$ARGUMENTS` variable, creating a surface for indirect prompt injection.
  - Ingestion points: `$ARGUMENTS` in SKILL.md
  - Boundary markers: Absent
  - Capability inventory: `Bash(agentbook *)` in SKILL.md
  - Sanitization: Absent
Audit Metadata