ai-low-hanging-fruit

Warn

Audited by Gen Agent Trust Hub on Jul 7, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes shell commands (e.g., git add, commit, push, ls) using variables like feature slugs and project names derived from user input. This pattern creates a risk of command injection if strings contain shell metacharacters, particularly in the commit message or file path construction.
  • [DATA_EXFILTRATION]: The skill reads documentation from the user's Documents directory ($HOME/Documents/obsidian/obsidian) and transmits the content to a remote server using git push. While this facilitates version control, it enables the transfer of sensitive project data to external infrastructure.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection from the PRD and technical specification files it ingests. Ingestion points: Reads prd.md and tech-spec.md from the local feature directory. Boundary markers: Content is interpolated directly into the analysis prompt without delimiters or instructions to ignore embedded commands. Capability inventory: The agent has filesystem write permissions and network-connected shell access. Sanitization: No validation or filtering is applied to the content of the ingested files before they are processed by the agent.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jul 7, 2026, 02:45 PM
Security Audit — agent-trust-hub — ai-low-hanging-fruit