skills/iii-hq/workers/grok/Gen Agent Trust Hub

grok

Warn

Audited by Gen Agent Trust Hub on Jul 3, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Spawns the host-level grok CLI to perform shell commands and file edits in any specified host directory.- [COMMAND_EXECUTION]: Facilitates interaction with other backend tools by allowing the agent to discover and trigger registered functions through the iii CLI.- [REMOTE_CODE_EXECUTION]: Headless turns are configured to auto-approve actions (always_approve: true), removing human-in-the-loop oversight for potentially dangerous shell operations.- [PROMPT_INJECTION]: Exposed to indirect prompt injection where malicious instructions in the filesystem or user messages could be executed by the Grok CLI.
  • Ingestion points: Content from the directory specified in cwd and input provided in prompt or messages.
  • Boundary markers: No explicit markers are used to differentiate untrusted data from the agent's instructions.
  • Capability inventory: Includes shell command execution, file system modifications, and cross-function triggering via the iii bus.
  • Sanitization: No input sanitization or validation is implemented before data is passed to the underlying execution engines.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jul 3, 2026, 09:15 AM
Security Audit — agent-trust-hub — grok