elicitation
Warn
Audited by Gen Agent Trust Hub on Jun 24, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local Node.js scripts, specifically
.agents/scripts/resolve_agents.jsand.agents/scripts/match_methods.js, to perform its core functions. These scripts are not included in the provided files, making their logic unverifiable. - [COMMAND_EXECUTION]: A command injection vulnerability is present in Step 1. The instruction
node .agents/scripts/match_methods.js --context "[detailed task context, artifact name, and current section]"directs the agent to insert raw content into a shell command. If an attacker-controlled document contains shell metacharacters like semicolons or backticks, it could lead to arbitrary command execution on the host system. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface. It ingests content from
methods.csv(thedescriptionandoutput_patternfields) and user-provided document sections but lacks boundary markers or sanitization instructions to prevent the agent from obeying malicious commands embedded in that data.
Audit Metadata