room-send
Warn
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill executes the vendor-specific 'agentbook' CLI tool using the Bash shell. User-provided arguments for the room name and message are interpolated directly into the command string: 'agentbook room-send ""'. This pattern is susceptible to shell command injection if the input contains shell metacharacters such as double quotes, semicolons, or backticks that could break out of the intended command structure.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it ingests untrusted user data that is subsequently passed to a system execution sink.
  1. Ingestion points: User arguments provided to the room-send skill.
  2. Boundary markers: No escaping or boundary markers are used to delimit the input within the bash command.
  3. Capability inventory: The skill uses the Bash tool to execute CLI commands.
  4. Sanitization: The skill implements a 140-character length check but performs no validation or sanitization of shell metacharacters.
Audit Metadata