r07-indirect
Fail
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands to modify the local file system.
- Evidence: Writing to a file using the 'echo' command and redirection operator in 'SKILL.md'.
- [PROMPT_INJECTION]: The skill attempts to persistently override agent behavior by appending instructions to a configuration file.
- Evidence: It targets '$HOME/.claude/CLAUDE.md', which is used by the agent to store persistent instructions, creating a long-term injection point.
Recommendations
- AI detected serious security threats