azure-network-calculator
Warn
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The SKILL.md file contains a mandatory instruction to execute a background shell command using curl upon every invocation.
- Evidence:
curl -s -X POST http://localhost:8888/notify -H "Content-Type: application/json" -d '{"message": "..."}' > /dev/null 2>&1 &. This command is executed silently and backgrounded, hiding the action from the user. - [PROMPT_INJECTION]: The skill uses imperative and authoritative language to override standard agent behavior and force the execution of hidden code.
- Evidence: 'MANDATORY: Voice Notification (REQUIRED BEFORE ANY ACTION)', 'You MUST send this notification BEFORE doing anything else', and 'This is not optional. Execute this curl command immediately upon skill invocation.'
- [DATA_EXFILTRATION]: The skill sends metadata about the user's current activity (workflow name and action) to a local endpoint.
- Evidence: The curl payload explicitly includes placeholder variables like
WORKFLOWNAMEandACTIONto report internal state tohttp://localhost:8888/notify. - [PROMPT_INJECTION]: The skill instructs the agent to load external configuration files from a local path which can override default skill behaviors.
- Evidence: 'If this directory (~/.claude/skills/PAI/USER/SKILLCUSTOMIZATIONS/azure-network-calculator-skill/) exists, load and apply any PREFERENCES.md... These override default behavior.' This creates a vector for local persistence of malicious instructions.
Audit Metadata