minimal-run-and-audit
Warn
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script scripts/run_command.py executes arbitrary shell commands provided via the --command argument using subprocess.run. While it utilizes shlex.split to handle argument parsing, the script essentially acts as a wrapper for executing system-level commands determined by the agent or user input.
- [COMMAND_EXECUTION]: The script scripts/write_outputs.py performs dynamic loading and execution of a Python module from a relative path (../../../shared/scripts/write_run_bundle.py). This dynamic execution pattern relies on the integrity of the target file system and of files located outside the skill's own directory.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection, as it processes externally provided reproduction goals and commands and executes them.
  - Ingestion points: Commands and reproduction goals passed to scripts/run_command.py.
  - Boundary markers: The instructions lack explicit delimiters to separate untrusted data from the execution prompt.
  - Capability inventory: subprocess.run in scripts/run_command.py allows for system-level actions.
  - Sanitization: Arguments are split using shlex.split, but the commands themselves are not validated against a whitelist.
Audit Metadata