persist
Fail
Audited by Gen Agent Trust Hub on Jun 29, 2026
Risk Level: HIGH
Categories: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The script 'scripts/persist.py' uses 'subprocess.run' with 'shell=True' to execute commands constructed from file contents.
- [REMOTE_CODE_EXECUTION]: In 'scripts/persist.py', the '_spawn_agent' function reads the entire contents of a prompt file ('PROMPT.md') and interpolates it directly into a shell command template using 'agent_cmd.replace("{}", prompt_text)'. Because the agent is intended to update its own state and goals in this file and the resulting string is executed via a shell, this creates a direct path for command injection. A malicious agent can insert shell metacharacters into the prompt file to execute arbitrary code on the local machine.
- [REMOTE_CODE_EXECUTION]: The test file 'tests/test_persist_unit.py' uses 'importlib.import_module' to dynamically load the skill's Python module from a path determined at runtime.
Recommendations
- AI detected serious security threats
Audit Metadata