skills/dnyoussef/ai-chrome-extension/when-creating-slash-commands-use-slash-command-encoder/Gen Agent Trust Hub
when-creating-slash-commands-use-slash-command-encoder
Warn
Audited by Gen Agent Trust Hub on Jun 26, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill uses
npxto fetch theclaude-flow@alphapackage from the NPM registry during multiple workflow phases (e.g., Phase 1: Design Command Interface, Phase 5: Deploy Command). - [REMOTE_CODE_EXECUTION]: Executing code from an unverified NPM package via
npxallows for the execution of remote code on the host machine. The skill also facilitates the generation and deployment of custom Javascript code as command handlers. - [COMMAND_EXECUTION]: The skill executes multiple shell commands to build and install software, including a global installation step (
npx claude-flow@alpha command install --from dist/commands.bundle.js --global) and modifying shell completion directories (~/.bash_completion.d/). - [PROMPT_INJECTION]: The command handler templates (e.g., in
SKILL.md) are vulnerable to indirect prompt injection. Ingestion points: User-provided parameters (e.g.,path) incommands/analyze-handler.js. Boundary markers: No boundary markers or instructions to ignore embedded commands are present in the prompt templates. Capability inventory: The handler can execute agent logic viathis.routeToAgent(mapped toclaudeFlow.agent.execute). Sanitization: There is no sanitization or escaping of the user-providedpathvariable before it is passed to the agent execution logic.
Audit Metadata