grok
Warn
Audited by Gen Agent Trust Hub on Jul 3, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Spawns the host-level
grokCLI to perform shell commands and file edits in any specified host directory.- [COMMAND_EXECUTION]: Facilitates interaction with other backend tools by allowing the agent to discover and trigger registered functions through theiiiCLI.- [REMOTE_CODE_EXECUTION]: Headless turns are configured to auto-approve actions (always_approve: true), removing human-in-the-loop oversight for potentially dangerous shell operations.- [PROMPT_INJECTION]: Exposed to indirect prompt injection where malicious instructions in the filesystem or user messages could be executed by the Grok CLI. - Ingestion points: Content from the directory specified in
cwdand input provided inpromptormessages. - Boundary markers: No explicit markers are used to differentiate untrusted data from the agent's instructions.
- Capability inventory: Includes shell command execution, file system modifications, and cross-function triggering via the
iiibus. - Sanitization: No input sanitization or validation is implemented before data is passed to the underlying execution engines.
Audit Metadata