roughcut

Warn

Audited by Gen Agent Trust Hub on May 11, 2026

Risk Level: MEDIUM
Categories: COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The export.rb script uses shell backticks to run xmllint with the @output_path variable interpolated into the command string. If filenames derived from the plan slug contain shell metacharacters, this could lead to unintended command execution.
  • [COMMAND_EXECUTION]: The skill and sub-agent instructions specify the use of shell utilities such as cp, date, grep, and bundle exec for file management and data processing.
  • [PROMPT_INJECTION]: The sub-agent prompt is exposed to indirect prompt injection via the ingestion of plan markdown files.
      • Ingestion points: SKILL.md interpolates {paste full plan markdown} into the sub-agent's prompt.
      • Boundary markers: No delimiters or protective instructions are used to separate the plan content from the agent's primary instructions.
      • Capability inventory: The agent can execute shell commands (cp, grep), run scripts (bundle exec), and perform file writes (export.rb).
      • Sanitization: There is no evidence of sanitization or validation performed on the plan content before it enters the agent's context.
  • [EXTERNAL_DOWNLOADS]: The export.rb script depends on the buttercut gem, which is an external package not part of the Ruby standard library.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 11, 2026, 11:47 AM