Line Execution Checker

Fail

Audited by Gen Agent Trust Hub on May 31, 2026

Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The provided C++ source code (line_checker.cpp) contains a critical shell command injection vulnerability in the find_gcov_file function. The code constructs a command string for the system() function by concatenating the source_file variable, which originates from user-controlled command-line arguments. An attacker can exploit this to execute arbitrary shell commands by providing a filename containing shell metacharacters (e.g., file.c; id).
  • [PROMPT_INJECTION]: The skill's metadata in SKILL.md identifies the author as "Claude", which is the name of a well-known AI model. This is a form of metadata poisoning that can mislead both users and AI agents about the origin and safety of the skill, potentially bypassing trust-based evaluations.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
May 31, 2026, 12:32 AM
Security Audit — agent-trust-hub — Line Execution Checker