skills/okooo5km/skills4u/grid25/Gen Agent Trust Hub

grid25

Fail

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the bash_tool to execute a local Python script (scripts/render.py) with arguments derived from user input and external search results. The instructions direct the agent to interpolate these strings directly into a shell command line. This creates a high risk of shell command injection if a user or a malicious search result provides a string containing shell metacharacters (e.g., "; curl ... | bash; #).
  • [COMMAND_EXECUTION]: The rendering logic in scripts/render.py performs simple string replacement to inject the industry and results_json variables into HTML templates. These templates are subsequently displayed to the user via the visualize:show_widget tool. Because there is no sanitization or escaping of these variables, malicious content (such as <script> tags) in the industry name or search results could execute arbitrary JavaScript in the user's interface (XSS).
  • [PROMPT_INJECTION]: The skill has a high exposure to indirect prompt injection due to its processing of untrusted data from the web.
  • Ingestion points: Untrusted external data is fetched via the web_search tool in Step 5 and processed into a JSON format.
  • Boundary markers: No boundary markers or instructions are present to prevent the agent from obeying instructions embedded within the search results.
  • Capability inventory: The skill possesses powerful capabilities including bash_tool (shell access), web_search, and visualize:show_widget (UI rendering).
  • Sanitization: No sanitization or validation is performed on the data before it is passed to the shell or the rendering engine.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
May 18, 2026, 09:25 AM
Security Audit — agent-trust-hub — grid25