nightshift
Fail
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: HIGH
Findings: COMMAND_EXECUTION, PROMPT_INJECTION, REMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The `scripts/nightshift.sh` script executes the `claude` and `codex` tools using the `--dangerously-skip-permissions` and `--dangerously-bypass-approvals-and-sandbox` flags. This bypasses built-in safety mechanisms and allows the agent to execute any shell command without user oversight or approval.
- [PROMPT_INJECTION]: The skill is highly vulnerable to indirect prompt injection. Its primary workflow involves reading content from project files such as `docs/product-specs/*.md` and `docs/BUGS.md` and using that content to drive autonomous agent actions. Maliciously crafted documentation or task backlogs could hijack the agent's behavior during unattended sessions to perform unauthorized activities.
- [REMOTE_CODE_EXECUTION]: The autonomous loop is designed to write and execute code (such as tests and implementation logic) based on external specifications. Combined with the bypass of security approvals and the lack of human oversight, this provides a dangerous mechanism for arbitrary code execution if the source documentation is compromised.
Recommendations
- AI detected serious security threats
Audit Metadata