create-library
Fail
Audited by Gen Agent Trust Hub on Jun 24, 2026
Risk Level: HIGHCOMMAND_EXECUTIONREMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses
ruby -eto execute a Ruby script block that is dynamically constructed by interpolating variables gathered from the user into a shell command string. - [COMMAND_EXECUTION]: Input from Step 2, such as the footage language (which allows free-text input) and media paths (which are verified for existence but not for shell safety), are directly embedded into the Ruby command in Step 3.
- [REMOTE_CODE_EXECUTION]: Because the input is interpolated into a
ruby -estring, a user providing a malicious file path or language string (e.g., containing single quotes and Ruby code like', system('id'), ') could escape the intended string literal and execute arbitrary code on the system. - [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted user-supplied data that directly influences high-privilege execution paths.
- Ingestion points: SKILL.md (Step 2
- User-provided project names, footage locations, and languages).
- Boundary markers: None present to separate user data from the executable command string.
- Capability inventory: Subprocess execution via
ruby -e, file copying viacp, and file system writes viaLibrary.create. - Sanitization: While the project name is normalized to alphanumeric characters, the
media_pathsand free-textlanguagefields lack sanitization against shell or Ruby string-injection attacks.
Recommendations
- AI detected serious security threats
Audit Metadata