learn

Fail

Audited by Gen Agent Trust Hub on Apr 10, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The instruction set in Step 3 constructs a shell command by interpolating user-controlled variables (error_pattern, solution, error_type, error_signature) directly into a python3 call run through the Bash tool. Wrapping each variable in double quotes does not neutralize shell syntax: inside double quotes the shell still expands $(...), backticks and $VAR, and an embedded double quote closes the argument so that whatever follows (for example `; other-command`) is parsed as a further command. An attacker who controls any of these fields can therefore execute arbitrary code on the underlying system.
  • [PROMPT_INJECTION]: The skill exhibits an Indirect Prompt Injection surface (Category 8) by processing untrusted user input and using it to drive sensitive system operations.
  • Ingestion points: User-provided strings parsed in Step 1 ("error pattern" and "solution").
  • Boundary markers: Absent. The skill does not instruct the agent to use delimiters or ignore instructions embedded within the user's error/solution text.
  • Capability inventory: Uses the Bash tool (Step 3) to run local scripts and the Read tool (frontmatter) to access files.
  • Sanitization: Absent. Although Step 3 includes a text-based warning against Python string concatenation, the provided shell command template is inherently unsafe and lacks any instructions for escaping shell-active characters in the user input.
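The two findings above come down to one mechanism, so a single added example (not code from the audited skill or from Gen Agent Trust Hub) is given here. It models the Step 3 template: `run_vulnerable` builds a double-quoted shell string the way the audit describes and runs it through a shell; `run_hardened` passes the same values as separate argv entries so no shell ever parses them; `shell_safe_template` shows what the template would have to look like if a shell string is unavoidable. A tiny inline Python program stands in for the skill's own script, the filename `store_lesson.py` is a made-up placeholder, and the attacker-controlled inputs are constructed for the demonstration.

```python
"""Shell injection through a "quoted" template, and the argv-list fix.

Added example, not code from the audited skill. It models the Step 3
template (user-controlled fields interpolated into a python3 call and
wrapped in double quotes) and contrasts it with passing the same fields
as separate argv entries. The inline program in SCRIPT stands in for the
skill's script; store_lesson.py is a placeholder name.
"""
import shlex
import subprocess
import sys

# Stand-in for the skill's python3 script: it just echoes its arguments back,
# so whatever the shell did to them is visible in the output.
SCRIPT = "import sys; print(repr(sys.argv[1:]))"


def run_vulnerable(error_pattern: str, solution: str) -> str:
    """Mirror the audited template: double-quoted interpolation, run via a shell.

    Double quotes do not stop $(...), backticks or $VAR expansion, and an
    embedded closing quote lets the attacker append further commands.
    """
    cmd = (
        f"{shlex.quote(sys.executable)} -c {shlex.quote(SCRIPT)} "
        f'"{error_pattern}" "{solution}"'
    )
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def run_hardened(error_pattern: str, solution: str) -> str:
    """Same call with no shell: each argv entry reaches the program verbatim."""
    argv = [sys.executable, "-c", SCRIPT, error_pattern, solution]
    return subprocess.run(argv, capture_output=True, text=True).stdout


# Characters that carry meaning to a POSIX shell even inside double quotes,
# or that would break out of them.
SHELL_ACTIVE = set("`$\"'\\;|&<>()\n")


def contains_shell_metacharacters(value: str) -> bool:
    """Cheap pre-check an agent could apply before building any command string."""
    return any(ch in SHELL_ACTIVE for ch in value)


def shell_safe_template(error_pattern: str, solution: str) -> str:
    """If a shell string is unavoidable, quote every field with shlex.quote.

    Returns the command text instead of running it so the quoting is visible;
    store_lesson.py is a placeholder for the skill's script.
    """
    return (
        f"python3 store_lesson.py {shlex.quote(error_pattern)} "
        f"{shlex.quote(solution)}"
    )


if __name__ == "__main__":
    # Constructed attacker-controlled inputs (benign: they only echo markers).
    injected = "$(echo INJECTED)"  # command substitution survives double quotes
    breakout = '"; echo PWNED; "'  # closes the quote, then runs a second command
    print("vulnerable:", run_vulnerable(injected, breakout))
    print("hardened:  ", run_hardened(injected, breakout))
    print("quoted:    ", shell_safe_template(injected, breakout))
```

Run stand-alone, the vulnerable path prints `INJECTED` and `PWNED` as executed output, while the hardened path prints both attacker strings as inert argument text. The pre-check is deliberately crude (it rejects any error message containing a parenthesis or quote) and is only a guard rail; the real fix is to never let the agent hand user text to a shell parser at all.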
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Apr 10, 2026, 07:30 AM
Security Audit — agent-trust-hub — learn