call-external-ai
Fail
Audited by Gen Agent Trust Hub on Apr 15, 2026
Risk Level: HIGHCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONREMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill translates user-provided natural language into shell commands and executes them directly. This creates a significant risk of command injection, especially when using patterns like
$(cat file)which can be manipulated by malicious file names or inputs. - Evidence: SKILL.md instructions for translating "check this file for bugs" into
codex exec "Review for bugs: $(cat file.ts)". - [EXTERNAL_DOWNLOADS]: The skill contains logic to automatically execute software upgrade commands whenever an upgrade is detected as available. This is a form of unverified remote code execution if the upgrade source is compromised.
- Evidence: SKILL.md section "On Upgrade Available" instructs the agent to "Run the upgrade command".
- [DATA_EXFILTRATION]: The skill is instructed to inspect system environment variables and read local files to provide context to external AI tools. This could lead to the exposure of sensitive configuration or project identifiers.
- Evidence: SKILL.md instructions to run
env | rg "GOOGLE|GCP|CLOUDSDK|PROJECT"and gather file contents for thecodex execandgeminicommands. - [REMOTE_CODE_EXECUTION]: The skill features "Self-Healing" behavior that involves executing commands to refresh internal references and performing automated software upgrades.
- Evidence: SKILL.md instructions to run
--helpcommands to updatereference/cli-reference.mdand execute upgrades automatically.
Recommendations
- AI detected serious security threats
Audit Metadata