create-library

Fail

Audited by Gen Agent Trust Hub on Jun 24, 2026

Risk Level: HIGHCOMMAND_EXECUTIONREMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses ruby -e to execute a Ruby script block that is dynamically constructed by interpolating variables gathered from the user into a shell command string.
  • [COMMAND_EXECUTION]: Input from Step 2, such as the footage language (which allows free-text input) and media paths (which are verified for existence but not for shell safety), are directly embedded into the Ruby command in Step 3.
  • [REMOTE_CODE_EXECUTION]: Because the input is interpolated into a ruby -e string, a user providing a malicious file path or language string (e.g., containing single quotes and Ruby code like ', system('id'), ') could escape the intended string literal and execute arbitrary code on the system.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted user-supplied data that directly influences high-privilege execution paths.
  • Ingestion points: SKILL.md (Step 2
  • User-provided project names, footage locations, and languages).
  • Boundary markers: None present to separate user data from the executable command string.
  • Capability inventory: Subprocess execution via ruby -e, file copying via cp, and file system writes via Library.create.
  • Sanitization: While the project name is normalized to alphanumeric characters, the media_paths and free-text language fields lack sanitization against shell or Ruby string-injection attacks.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Jun 24, 2026, 11:31 AM
Security Audit — agent-trust-hub — create-library