cmd-latest-msg

Pass

Audited by Gen Agent Trust Hub on Apr 16, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface.
      • Ingestion points: The agent reads content from /tmp/agents/<agent>/latest.md in the use and use <agent> commands.
      • Boundary markers: There are no delimiters or "ignore instructions" warnings provided when reading and displaying the content from the file.
      • Capability inventory: The skill executes shell commands (mkdir, date) and uses a Write tool to modify the filesystem.
      • Sanitization: No sanitization, escaping, or validation is performed on the content read from disk before it is re-introduced into the agent's context.
  • [COMMAND_EXECUTION]: The skill instructions direct the agent to execute shell commands (mkdir -p /tmp/agents/<agent> and date +%s) to manage the storage environment and generate metadata.
  • [DATA_EXFILTRATION]: The skill persists assistant messages to the /tmp directory. On multi-user systems, /tmp is typically world-readable, meaning any messages stored by the agent could be accessed by other users or processes on the same machine, leading to local data exposure.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 16, 2026, 05:11 PM