Line Execution Checker
Fail
Audited by Gen Agent Trust Hub on May 31, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The provided C++ source code (
line_checker.cpp) contains a critical shell command injection vulnerability in thefind_gcov_filefunction. The code constructs a command string for thesystem()function by concatenating thesource_filevariable, which originates from user-controlled command-line arguments. An attacker can exploit this to execute arbitrary shell commands by providing a filename containing shell metacharacters (e.g.,file.c; id). - [PROMPT_INJECTION]: The skill's metadata in
SKILL.mdidentifies the author as "Claude", which is the name of a well-known AI model. This is a form of metadata poisoning that can mislead both users and AI agents about the origin and safety of the skill, potentially bypassing trust-based evaluations.
Recommendations
- AI detected serious security threats
Audit Metadata