raam-audit

Warn

Audited by Gen Agent Trust Hub on May 17, 2026

Risk Level: MEDIUM
Categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill directs the agent to execute a shell script (raam-lookup.sh) with arguments such as criterion IDs or search keywords. If the script interpolates these arguments into a command string instead of passing them as quoted, validated arguments, a crafted keyword could inject commands.
  • [COMMAND_EXECUTION]: The skill uses a load-time execution pattern (!command) to run a script and populate the agent's context with RAAM topics automatically. This runs silently when the skill is loaded, without a per-run confirmation.
  • [COMMAND_EXECUTION]: The skill invokes external scripts at paths computed at runtime from environment variables plus relative directory traversal (e.g., ${CLAUDE_SKILL_DIR}/../scripts/). This executes code that lives outside the skill's own directory, so what actually runs depends on the value of CLAUDE_SKILL_DIR and on whatever is present in the sibling scripts directory at load time.
  • [PROMPT_INJECTION]: The skill has an indirect prompt-injection surface: it ingests untrusted code files from the user's codebase (via grep scans) while also holding command-execution capabilities, and it defines no boundary markers or sanitization steps for the ingested data, so text in a scanned file can be read by the agent as instructions rather than as data.
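The following is an added illustration of the two findings above (argument handling in a lookup script, and boundary markers around ingested data). It is not the skill's raam-lookup.sh, whose source is not shown on this page; the topics file, function names and marker strings are all constructed for the example. It contrasts a lookup that interpolates the caller's keyword into a command string with one that validates the argument and passes it to grep as a literal, then wraps the retrieved text in delimiters so an agent consuming it can tell data from instructions.

```shell
#!/bin/sh
# Illustrative only: not the audited skill's raam-lookup.sh (not shown on the page).

# Constructed sample topic file standing in for the skill's RAAM data.
RAAM_TOPICS_FILE="${TMPDIR:-/tmp}/raam_topics_demo.txt"
cat > "$RAAM_TOPICS_FILE" <<'EOF'
RAAM-01 input validation: validate all external inputs
RAAM-02 least privilege: restrict permissions
RAAM-03 logging: record security-relevant events
EOF

# Vulnerable pattern: the keyword is spliced into a command string that a
# shell re-parses, so quote characters, ';' and '$(...)' in it become code.
vulnerable_lookup() {
    sh -c "grep -i \"$1\" \"$RAAM_TOPICS_FILE\""
}

# Criterion IDs have a fixed shape; accept nothing else.
is_valid_criterion_id() {
    printf '%s' "$1" | grep -Eq '^RAAM-[0-9]{2}$'
}

# Hardened pattern: reject empty input and anything with non-printable
# characters (newlines would otherwise be read by grep as extra patterns),
# then hand the keyword to grep as data: -F (literal, not a regex),
# -e (keyword may start with '-'), -- (end of options before the file).
safe_lookup() {
    kw="$1"
    case "$kw" in
        ''|*[![:print:]]*) return 2 ;;
    esac
    grep -i -F -e "$kw" -- "$RAAM_TOPICS_FILE"
}

# Retrieved text is untrusted codebase content. Wrap it in boundary markers
# (constructed names) so the consuming agent treats it as data, not instructions.
fenced_lookup() {
    out="$(safe_lookup "$1")" || return $?
    printf '<<<RAAM_DATA_BEGIN>>>\n%s\n<<<RAAM_DATA_END>>>\n' "$out"
}
```

Run with a payload such as `'" /dev/null; echo INJECTED #'`: the vulnerable function prints INJECTED because the shell executes the echo, while the hardened one searches for that string literally and finds nothing.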
Audit Metadata
Risk Level
MEDIUM
Analyzed
May 17, 2026, 10:54 AM
Security Audit — agent-trust-hub — raam-audit