Sales
Pass
Audited by Gen Agent Trust Hub on Jun 30, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute several shell commands for notification and logging purposes. Specifically, it uses
curlto send a POST request to a local notification service (http://localhost:31337/notify) and usesechoto append execution metadata to a JSONL log file located at~/.claude/PAI/MEMORY/SKILLS/execution.jsonl. It also executes a local TypeScript utility viabun runto generate visual assets using theartskill. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting and processing untrusted product documentation. This content is summarized and then interpolated into prompts for other skills (StoryExplanation and Art) as well as into shell command arguments for logging. The absence of explicit boundary markers or sanitization steps in these templates creates a surface where malicious instructions embedded in the input documentation could potentially influence the agent's behavior or the generated output.
Audit Metadata