pretty

Warn

Audited by Gen Agent Trust Hub on Mar 23, 2026

Risk Level: MEDIUM; COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute code generated by a sub-agent directly in the terminal via node -e. Running generated code without human review or strict sandboxing is a high-risk pattern.
  • [REMOTE_CODE_EXECUTION]: The skill relies on an external AI agent (gsp-ascii-artist) to produce the executable payload. This creates a runtime code execution path where the logic is not statically defined and is subject to the model's output.
  • [PROMPT_INJECTION]: The skill is highly susceptible to indirect prompt injection because it ingests untrusted data from the local development environment and passes it to a code-generating agent without sanitization.
      • Ingestion points: The skill reads data from git log --oneline -5, package.json, README.md, and git diff --stat (SKILL.md).
      • Boundary markers: No delimiters or specific instructions (like "ignore embedded commands") are provided to the sub-agent to distinguish between the gathered context and actual instructions.
      • Capability inventory: The skill has access to the Bash tool, which is explicitly used to run the generated node -e commands.
      • Sanitization: There is no evidence of filtering, escaping, or validating the input data before it is interpolated into the artist agent's prompt.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 23, 2026, 07:13 PM