skills/lalulali/vespyr/elicitation/Gen Agent Trust Hub

elicitation

Warn

Audited by Gen Agent Trust Hub on Jun 24, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local Node.js scripts, specifically .agents/scripts/resolve_agents.js and .agents/scripts/match_methods.js, to perform its core functions. These scripts are not included in the provided files, making their logic unverifiable.
  • [COMMAND_EXECUTION]: A command injection vulnerability is present in Step 1. The instruction node .agents/scripts/match_methods.js --context "[detailed task context, artifact name, and current section]" directs the agent to insert raw content into a shell command. If an attacker-controlled document contains shell metacharacters like semicolons or backticks, it could lead to arbitrary command execution on the host system.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface. It ingests content from methods.csv (the description and output_pattern fields) and user-provided document sections but lacks boundary markers or sanitization instructions to prevent the agent from obeying malicious commands embedded in that data.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 24, 2026, 02:25 AM