skills/oldwinter/skills/darwin-skill/Gen Agent Trust Hub

darwin-skill

Fail

Audited by Gen Agent Trust Hub on Jun 23, 2026

Risk Level: HIGHCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/screenshot.mjs utilizes child_process.execSync to run the system open command. It incorporates the output path directly from process.argv[3] without sanitization, which could allow for command injection if malicious input is provided.
  • [COMMAND_EXECUTION]: The scripts/screenshot.mjs file uses a hardcoded absolute file path (/Users/alchain/...) to load the playwright-core dependency, which is a non-standard and risky implementation that relies on the author's local environment.
  • [EXTERNAL_DOWNLOADS]: The documentation references a ZIP archive of the skill hosted on a Cloudflare R2 bucket (pub-161ae4b5ed0644c4a43b5c6412287e03.r2.dev).
  • [PROMPT_INJECTION]: The skill architecture is susceptible to indirect prompt injection because it reads and evaluates the content of other agent skills to measure their effectiveness.
  • Ingestion points: Processes all skill files located in .claude/skills/*/SKILL.md during evaluation and optimization phases.
  • Boundary markers: No explicit boundary markers or instructions are used to isolate the evaluated skill content from the agent's control logic.
  • Capability inventory: The skill can perform file modifications, execute git version control commands, and run shell scripts.
  • Sanitization: The skill lacks sanitization mechanisms for the external skill content it evaluates, potentially allowing a malicious skill to influence the agent's behavior during performance testing.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Jun 23, 2026, 12:29 AM
Security Audit — agent-trust-hub — darwin-skill