perl-validate
Warn
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: MEDIUM | COMMAND_EXECUTION | REMOTE_CODE_EXECUTION | EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the 'perl -c' and 'perl -wc' commands to check script syntax.
  - Evidence: Found in 'SKILL.md' under 'Syntax Validation' and 'Quick Validation Commands'.
  - Technical Detail: Perl executes code in BEGIN, UNITCHECK, and CHECK blocks and in 'use' statements during the compilation check phase. A malicious user could craft a Perl script that executes arbitrary system commands when an agent attempts to validate it.
- [REMOTE_CODE_EXECUTION]: Validating untrusted Perl scripts with the provided instructions allows for arbitrary code execution in the agent's environment.
  - Evidence: The skill's primary function is to process user-provided scripts via the Perl interpreter.
  - Technical Detail: This vulnerability exists because the 'perl -c' syntax check is not a passive analysis; it involves active execution of script components by the interpreter.
- [EXTERNAL_DOWNLOADS]: The skill relies on external utilities and libraries to perform its checks.
  - Evidence: Mentions 'perlcritic', 'podchecker', and Perl modules like 'IPC::System::Simple', 'autodie', and 'Pod::Usage'.
  - Context: While these are standard tools, they must be present in the environment for the skill to function as documented.
Audit Metadata