scout-ext

Fail

Audited by Gen Agent Trust Hub on Apr 10, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill takes the USER_PROMPT ($1) and interpolates it directly into shell commands: gemini -p "[prompt]" and opencode run "[prompt]". Because the input is not sanitized or escaped, a malicious user can provide input like "; rm -rf /; #" to execute arbitrary commands on the system.
  • [EXTERNAL_DOWNLOADS]: The skill instructs the agent to install external CLI tools (gemini or opencode) if they are not found on the system. It provides no specific source URLs, version pinning, or integrity verification (checksums) for these downloads, posing a supply-chain risk.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection via the $1 variable. Malicious instructions embedded in the user prompt can influence the behavior of the sub-agents or the host agent's task-planning logic.
  • Ingestion points: The $1 variable (USER_PROMPT) in SKILL.md is the entry point for untrusted data.
  • Boundary markers: No delimiters or instructions to ignore embedded commands are present to protect the shell command interpolation.
  • Capability inventory: The skill uses the Bash tool to execute external binaries and the Task tool for parallel execution.
  • Sanitization: There is no evidence of input validation, shell escaping, or character filtering before the user input is passed to the terminal.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Apr 10, 2026, 07:25 AM