explore
Warn
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The instruction to spawn subagents using 'node "$MI_PATH" -p ''' is vulnerable to shell command injection because the prompt includes user-influenced text verbatim. An attacker can use single quotes to escape the argument and execute arbitrary shell commands.
- [COMMAND_EXECUTION]: The keyword search using 'grep -rli ''' is also vulnerable to shell injection if the keyword includes shell metacharacters or single quotes.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8) as it processes untrusted data from the repository being explored. Ingestion points: Repository files read during cluster analysis and subagent summary generation. Boundary markers: Directives like 'Do NOT read files outside the scope' and strict output format contracts are used, which provide limited mitigation but do not prevent instruction obedience from adversarial content. Capability inventory: The agent uses 'ls', 'grep', 'node', 'kill', and 'cat' to interact with the environment. Sanitization: No explicit sanitization or escaping of codebase content is performed before it is processed by the agents or incorporated into the final response.
Audit Metadata