delegate-commit-sync
Warn
Audited by Gen Agent Trust Hub on Jun 24, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute sub-agent tools with flags that suppress human-in-the-loop oversight and bypass permission prompts. Specifically, it prescribes the use of '--yolo' for the Cursor Agent and '--dangerously-skip-permissions' for Claude Code, allowing autonomous and potentially destructive actions without user verification.
- [PROMPT_INJECTION]: The instructions involve interpolating user-provided prompts directly into shell command templates (e.g., kimi --prompt "<提示词>"). This pattern is susceptible to command injection if the input contains shell metacharacters designed to escape the command string and execute arbitrary code on the host system.
- [COMMAND_EXECUTION]: The skill logic directs the agent to access and parse the user's local terminal configuration files to identify command aliases. Accessing files like .bashrc or .zshrc exposes sensitive system configurations and potentially environment variables to the AI agent.
Audit Metadata